Skip to content

Commit

Permalink
#90 Resolve issues with Snyk related to findings without security-sev…
Browse files Browse the repository at this point in the history
…erity
  • Loading branch information
Erikvl87 committed May 1, 2024
1 parent 762153b commit 6693b4b
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion .github/workflows/snyk-container-analysis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,9 +35,15 @@ jobs:
# Replace any "undefined" security severity values with 0. The undefined value is used in the case
# of license-related findings, which do not do not indicate a security vulnerability.
# See https://github.com/Erikvl87/docker-languagetool/issues/90 and https://github.com/github/codeql-action/issues/2187 for more context.
- name: Post-process sarif output
- name: Post-process sarif output for security severities set to "undefined"
run: |
sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk.sarif
# Replace any "null" security severity values with 0. The undefined value is used in the case
# the NVD CVSS Score is not available.
# See https://github.com/Erikvl87/docker-languagetool/issues/90 and https://github.com/github/codeql-action/issues/2187 for more context.
- name: Post-process sarif output for security severities set to "null"
run: |
sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk.sarif
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v3
with:
Expand Down

0 comments on commit 6693b4b

Please sign in to comment.