
GitHub Actions report doesn't show where the error/warning occurs

Open altjx opened this issue 4 years ago • 0 comments

Background

Brakeman version: 5.2.0
Rails version: 6.1.4.4
Ruby Version: 3.0.2
Link to Rails application code: ?

Issue

RE: #1580

The github output format does not display where the error is when it's being displayed inside of a GitHub Actions workflow. Using the exact same command, the output in the terminal looks completely different.

The below example is how it looks from the terminal output

# root@bf29b8edfeea:/home/ubuntu/myapp# bin/bundle exec brakeman --format github --no-pager

Checks finished, collecting results...
Generating report...
::warning file=app/controllers//XYZ_controller.rb,line=206::Possible command injection
::warning file=lib/custom/slack.rb,line=75::Possible command injection

But from GitHub, it looks like this instead:

[Screenshot: Screen Shot 2021-12-30 at 12 28 43 AM]

The command that was used to run it from the GitHub Actions is this:

      - name: Brakeman Static Analysis Check
        run: |
          git fetch
          bin/bundle exec brakeman --format github --no-pager

Same command, but different outputs.

altjx, Dec 30 '21 05:12