codacy-analysis-cli-action

[TS-157] 'run-gosec' does not produce sarif output file despite args

Open jeremy-soh-partior opened this issue 2 years ago • 1 comments

Using the run-gosec: true feature does not produce a results output file despite both 'output' and 'format' args having been defined. For example:

  - name: Run Codacy Analysis CLI - Gosec
    uses: codacy/codacy-analysis-cli-action@master
    with:
      run-gosec: "true"
      run-staticcheck: "true"
      run-docker-tools: "false"
      output: ${{ inputs.repo-name }}.sarif
      format: sarif
      verbose: true
      skip-uncommitted-files-check: true
      max-allowed-issues: 2147483647
      gh-code-scanning-compat: true
      api-token: ${{ secrets.CODACY_API_TOKEN }}
      upload: true

  - name: Debug - ls
    run: |
      ls -alh

It is to be noted that upload of the reported findings to the Codacy UI was successful. The findings were correctly populated. This helps to eliminate any doubt about the scan not running correctly. Is an output file not supported with run-gosec: true?

jeremy-soh-partior • Jan 06 '23 03:01

Internal ticket created : TS-157

github-actions[bot] • Jan 06 '23 03:01