snyk · thisislawatts · Mar 5, 2024 · Mar 5, 2024 · jmqd · Mar 6, 2024
@@ -88,7 +88,7 @@ ${vuln.description}`.replace(/##\s/g, '# '),
             testResult.packageManager!,
           ],
           cvssv3_baseScore: vuln.cvssScore, // AWS
-          'security-severity': vuln.cvssScore, // GitHub
+          'security-severity': String(vuln.cvssScore), // GitHub
         },
       };
     },

@@ -83,7 +83,7 @@ export function getTool(testResult): sarif.Tool {
             testResult.packageManager!,
           ],
           cvssv3_baseScore: vuln.cvssScore, // AWS
-          'security-severity': vuln.cvssScore, // GitHub
+          'security-severity': String(vuln.cvssScore), // GitHub
         },
       };
     })

@@ -31,7 +31,7 @@
                   "deb"
                 ],
                 "cvssv3_baseScore": 6.5,
-                "security-severity": 6.5
+                "security-severity": "6.5"
               }
             }
           ]

@@ -31,7 +31,7 @@
                   "deb"
                 ],
                 "cvssv3_baseScore": 6.5,
-                "security-severity": 6.5
+                "security-severity": "6.5"
               }
             }
           ]

@@ -51,7 +51,7 @@ describe('snyk test --sarif', () => {
 
     expect(stdout).toContain('"artifactsScanned": 1');
     expect(stdout).toContain('"cvssv3_baseScore": 5.3');
-    expect(stdout).toContain('"security-severity": 5.3');
+    expect(stdout).toContain('"security-severity": "5.3"');
     expect(stdout).toContain('"fullyQualifiedName": "[email protected]"');
     expect(stdout).toContain('Upgrade to [email protected]');
   });

@@ -79,7 +79,7 @@ Object {
               "id": "SNYK-JS-AJV-584908",
               "properties": Object {
                 "cvssv3_baseScore": 7.5,
-                "security-severity": 7.5,
+                "security-severity": "7.5",
                 "tags": Array [
                   "security",
                   "CWE-400",

@@ -71,7 +71,7 @@ In libexpat in Expat before 2.2.7, XML input including XML names that contain a
               "id": "SNYK-LINUX-EXPAT-450908",
               "properties": Object {
                 "cvssv3_baseScore": 7.5,
-                "security-severity": 7.5,
+                "security-severity": "7.5",
                 "tags": Array [
                   "security",
                   "CWE-611",
@@ -162,7 +162,7 @@ In libexpat in Expat before 2.2.7, XML input including XML names that contain a
               "id": "SNYK-LINUX-EXPAT-450908",
               "properties": Object {
                 "cvssv3_baseScore": 7.5,
-                "security-severity": 7.5,
+                "security-severity": "7.5",
                 "tags": Array [
                   "security",
                   "npm",
@@ -252,7 +252,7 @@ In libexpat in Expat before 2.2.7, XML input including XML names that contain a
               "id": "SNYK-LINUX-EXPAT-450908",
               "properties": Object {
                 "cvssv3_baseScore": 7.5,
-                "security-severity": 7.5,
+                "security-severity": "7.5",
                 "tags": Array [
                   "security",
                   "CWE-611",
-Original file line number
+Diff line change
@@ Expand Up / @@ -31,7 +31,7 @@ @@
                       "deb"
                     ],
                     "cvssv3_baseScore": 6.5,
-                    "security-severity": 6.5
+                    "security-severity": "6.5"
                   }
                 }
               ]
@@ Expand Down @@