Skip to content

Commit 5c66a49

Browse files
crazy-maxcrazy-max
authored
Merge pull request moby#5235 from crazy-max/fix-govulncheck
hack: ensure SARIF output has results field defined for govulncheck
2 parents 148c80b + 255b223 commit 5c66a49

File tree

1 file changed

+7
-0
lines changed

1 file changed

+7
-0
lines changed

hack/dockerfiles/govulncheck.Dockerfile

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@ ARG FORMAT="text"
66

77
FROM golang:${GO_VERSION}-alpine AS base
88
WORKDIR /go/src/github.com/moby/buildkit
9+
RUN apk add --no-cache jq moreutils
910
ARG GOVULNCHECK_VERSION
1011
RUN --mount=type=cache,target=/root/.cache \
1112
--mount=type=cache,target=/go/pkg/mod \
@@ -17,6 +18,12 @@ RUN --mount=type=bind,target=. <<EOT
1718
set -ex
1819
mkdir /out
1920
govulncheck -format ${FORMAT} ./... | tee /out/govulncheck.out
21+
if [ "${FORMAT}" = "sarif" ]; then
22+
# Make sure "results" field is defined in SARIF output otherwise GitHub Code Scanning
23+
# will fail when uploading report with "Invalid SARIF. Missing 'results' array in run."
24+
# Relates to https://github.com/golang/vuln/blob/ffdef74cc44d7eb71931d8d414c478b966812488/internal/sarif/sarif.go#L69
25+
jq '(.runs[] | select(.results == null) | .results) |= []' /out/govulncheck.out | tee >(sponge /out/govulncheck.out)
26+
fi
2027
EOT
2128

2229
FROM scratch AS output

0 commit comments

Comments
 (0)