From ed49609a7331da464d49af918733c2ee2b2e1fb2 Mon Sep 17 00:00:00 2001
From: Katsuya Miyachi <kattu0426@gmail.com>
Date: Mon, 11 Sep 2023 00:08:09 +0900
Subject: [PATCH] fix(fs): assign the absolute path to be inspected to ROOTPATH
 when filesystem (#5158)

---
 pkg/report/sarif.go  | 6 ++++++
 pkg/report/writer.go | 7 +++++++
 2 files changed, 13 insertions(+)

diff --git a/pkg/report/sarif.go b/pkg/report/sarif.go
index e942f94b13ad..7fb2424ed30b 100644
--- a/pkg/report/sarif.go
+++ b/pkg/report/sarif.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"html"
 	"io"
+	"path/filepath"
 	"regexp"
 	"strings"
 
@@ -46,6 +47,7 @@ type SarifWriter struct {
 	Version       string
 	run           *sarif.Run
 	locationCache map[string][]location
+	Target        string
 }
 
 type sarifData struct {
@@ -135,6 +137,10 @@ func (sw *SarifWriter) Write(report types.Report) error {
 			"repoDigests": report.Metadata.RepoDigests,
 		}
 	}
+	if sw.Target != "" {
+		absPath, _ := filepath.Abs(sw.Target)
+		rootPath = fmt.Sprintf("file://%s/", absPath)
+	}
 
 	ruleIndexes := map[string]int{}
 	for _, res := range report.Results {
diff --git a/pkg/report/writer.go b/pkg/report/writer.go
index f31d9324f277..80fe63980f28 100644
--- a/pkg/report/writer.go
+++ b/pkg/report/writer.go
@@ -16,6 +16,8 @@ import (
 	"github.com/aquasecurity/trivy/pkg/report/spdx"
 	"github.com/aquasecurity/trivy/pkg/report/table"
 	"github.com/aquasecurity/trivy/pkg/types"
+
+	ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
 )
 
 const (
@@ -75,9 +77,14 @@ func Write(report types.Report, option flag.Options) error {
 			return xerrors.Errorf("failed to initialize template writer: %w", err)
 		}
 	case types.FormatSarif:
+		target := ""
+		if report.ArtifactType == ftypes.ArtifactFilesystem {
+			target = option.Target
+		}
 		writer = &SarifWriter{
 			Output:  output,
 			Version: option.AppVersion,
+			Target:  target,
 		}
 	case types.FormatCosignVuln:
 		writer = predicate.NewVulnWriter(output, option.AppVersion)