diff --git a/.github/scripts/generate-sarif-reports.sh b/.github/scripts/generate-sarif-reports.sh index 7d7b24e91..8ef67706b 100755 --- a/.github/scripts/generate-sarif-reports.sh +++ b/.github/scripts/generate-sarif-reports.sh @@ -19,7 +19,7 @@ function createSarifReports() { yq -r '.[] | .image' | parallel ${GITHUB_JOB+--bar} --retries 10 -P 0 -k generateSarifReport "$chart" "{}" "reports/$chartName-{#}.json" # shellcheck disable=SC1009 - cat "reports/$chartName-"*.json | jq -r -s '{"$schema": .[0]["$schema"], version: .[0].version, runs: [reduce map(.runs[])[] as $run (null; .+$run as $new | .tool.driver.rules |= (.+$run.tool.driver.rules|unique_by(.id)) | $new*. | .results += ($run.results | map(.locations |= (([.[] | select(.physicalLocation)][0].physicalLocation.artifactLocation) as $physicalLocation | .[] | select(.logicalLocations)[] | map({physicalLocation:{artifactLocation:{uri:"\(.fullyQualifiedName)/\($run.properties.imageName)/\($run.originalUriBaseIds[$physicalLocation.uriBaseId].uri)\($physicalLocation.uri)"}}})))) | del(.properties, .originalUriBaseIds))]}' >"reports/$chartName.json.sarif" + cat "reports/$chartName-"*.json | jq -r -s '. as $input | {"$schema": .[0]["$schema"], version: .[0].version, runs: [reduce map(.runs[])[] as $run (null; .+$run as $new | .tool.driver.rules |= (.+$run.tool.driver.rules|unique_by(.id)) | $new*. | del(.properties, .originalUriBaseIds, .results))]} | .runs[0].results = ($input | reduce map(.runs[])[] as $run ([]; . += ($run.results | map(.locations |= (([.[] | select(.physicalLocation)][0].physicalLocation.artifactLocation) as $physicalLocation | .[] | select(.logicalLocations)[] | map({physicalLocation:{artifactLocation:{uri:"\(.fullyQualifiedName)/\($run.properties.imageName)/\($run.originalUriBaseIds[$physicalLocation.uriBaseId].uri)\($physicalLocation.uri)"}}}))))))' >"reports/$chartName.json.sarif" } function generateSarifReport() {