Incorrect Titles in Code Scanning Alerts Section

[ncoop57]

Github’s Code scanning alerts section shows incorrect filename and path to file in flagged security alerts when using your security scanning tool:

As shown, the title states the issue is at DESCipherExample.java at the path src/main/java/com/minimals/des. However, the problem is actually located in DESReplaceCipherExample.java at the path src/main/java/com/minimals/des_replace, which is correctly shown in the subtitle.

This issue was originally opened in github/codeql#4800 and was told to move it here: github/codeql#4800 (comment)

[prabhu]

Hi @ncoop57

Thank you for filing this ticket. Will you be able to share the .sarif files produced? Also is the repository publicly available for testing?

[ncoop57]

Here is the repository I used for testing: https://github.com/ncoop57/codescanning. However, I'm not sure how the .sarif files are produced using code scanning and so I am not sure where to grab them from. If you have information on where I can download them, I'll be happy to upload them here.