Fix SARIF reports to comply with specification#1975
Fix SARIF reports to comply with specification#1975friedbyalice wants to merge 1 commit intofacebook:mainfrom
Conversation
|
Hi @friedbyalice! Thank you for your pull request and welcome to our community. Action RequiredIn order to merge any pull request (code, docs, etc.), we require contributors to sign our Contributor License Agreement, and we don't seem to have one on file for you. ProcessIn order for us to review and merge your suggested changes, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA. Once the CLA is signed, our tooling will perform checks and validations. Afterwards, the pull request will be tagged with If you have received this in error or have any questions, please contact us at cla@meta.com. Thanks! |
|
Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Meta Open Source project. Thanks! |
| let file_path = "file:" ^ filename in | ||
| {Sarifbug_j.uri= file_path; Sarifbug_j.uriBaseId= absolute_source_name} | ||
| let absolute_project_root = "file:" ^ Config.project_root in | ||
| {Sarifbug_j.uri= filename; Sarifbug_j.uriBaseId= absolute_project_root} |
There was a problem hiding this comment.
Alternatively, uriBaseId can be set to the constant "%srcroot%" as described here. This helps when scanning repositories where we typically want the SARIF report to be the same (for the same commit) regardless of where the local checkout appears on the filesystem.
There was a problem hiding this comment.
Yep indeed, that's one of the options I explored which also worked!
2 participants
Fixes #1974
Please note this is a personal contribution, not on behalf of my employer