Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The Github action to scan for vulnerabilities using Snyk fails #90

Closed
Erikvl87 opened this issue Mar 14, 2024 · 1 comment
Closed

The Github action to scan for vulnerabilities using Snyk fails #90

Erikvl87 opened this issue Mar 14, 2024 · 1 comment

Comments

@Erikvl87
Copy link
Owner

The Github action to scan for vulnerabilities using Snyk suddenly fails. This seems to be caused by the SARIF file in which the security severity is unset.

Code Scanning could not process the submitted SARIF file: could not convert rules: invalid security severity value, is not a number: null

For more information: github/codeql-action#2187
Erikvl87 added a commit that referenced this issue Mar 14, 2024
@Erikvl87
#90 Temporarily enable continue-on-error for GitHub Code Scanning
e68f7f3
Erikvl87 added a commit that referenced this issue May 1, 2024
@Erikvl87
#90 Resolve issues with Snyk related to license-related findings
762153b
Erikvl87 added a commit that referenced this issue May 1, 2024
@Erikvl87
#90 Resolve issues with Snyk related to findings without security-sev…
972ad9b 
…erity
Erikvl87 added a commit that referenced this issue May 1, 2024
@Erikvl87
#90 Resolve issues with Snyk related to findings without security-sev…
6693b4b 
…erity
@Erikvl87
Copy link
Owner Author

Erikvl87 commented May 1, 2024

Next to undefined, the snyk.sarif file also contained null as a value for security-severity property. undefined should be related to license files (according to github/codeql-action#2187), while null seemed to be caused by CVE-2024-2511.

In both cases, the value will be replaced with 0.

@Erikvl87 Erikvl87 closed this as completed May 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Erikvl87