Configuring sarif reports/ Azure Pipelines Scans #1113
Comments
As you see, the sarif report contains 'region' with startLine. That's why it should be parsed by your tool/platform and shown - if it's not happening, it's likely an issue with Azure Pipelines itself (or the plugin you're using). For instance, Github parses the same Sarif report and shows the lines both in general and detail view:

But the Sarif format is extensive so I could miss additional properties. Can you show an example of how you expect the report to look? Maybe the artifactLocation doesn't resolve correctly and prevents the Scans tab from creating links to the file.
I want the report to either have an extra tab that says "line", or I want the Details tab to give the description and finish it with "at line x". I'm pretty sure that my Azure Devops uses this https://marketplace.visualstudio.com/items?itemName=sariftools.scans extension for the Scans tab, so I'll be creating an issue at that github to ask for documentation. I will keep you posted in this thread if something comes from that inquiry.
Ok. The easiest workaround for now would be to create a custom reporter (based on the Sarif one) and just modify the message.text attribute to contain an 'at line {}' suffix. For example here:
it would need to be something along the lines of `f"{issue.desc} at line {issue.line}"`. Such a custom reporter would need to be stored in your repository and called when running robocop. And for the final solution we would need to see what we can do in accordance with the Sarif format. I don't want to break any tooling by adding attributes that are not supported. But if they are (and AzureDevops tool devs confirm which ones) we can additionally update the original Sarif report.
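The `message.text` workaround discussed in this thread can also be applied as a post-processing step on the generated SARIF file before it is published as a build artifact. The script below is an added example, not part of the thread or of Robocop; it assumes the standard SARIF 2.1.0 layout (`runs[].results[].locations[].physicalLocation.region.startLine`), and the function names, rule ids and sample report are constructed for illustration.

```python
import json
import sys

def first_start_line(result):
    """Return region.startLine of the first location that has one, else None."""
    for loc in result.get("locations", []):
        line = loc.get("physicalLocation", {}).get("region", {}).get("startLine")
        if isinstance(line, int) and line > 0:
            return line
    return None

def annotate_sarif(report):
    """Append ' at line N' to message.text of located results; return count changed."""
    changed = 0
    for run in report.get("runs", []):
        for result in run.get("results", []):
            message = result.get("message", {})
            text, line = message.get("text"), first_start_line(result)
            if not isinstance(text, str) or line is None:
                continue  # no plain-text message or no line to report
            suffix = f" at line {line}"
            if not text.endswith(suffix):  # safe to run twice on the same file
                message["text"] = text + suffix
                changed += 1
    return changed

def sample_report():
    """Constructed sample: one result with a region, one without any location."""
    located = {"ruleId": "EXAMPLE001", "message": {"text": "Missing documentation"},
               "locations": [{"physicalLocation": {
                   "artifactLocation": {"uri": "tests/login.robot"},
                   "region": {"startLine": 12}}}]}
    unlocated = {"ruleId": "EXAMPLE002", "message": {"text": "No location here"}}
    return {"version": "2.1.0", "runs": [{"results": [located, unlocated]}]}

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py input.sarif output.sarif
        with open(sys.argv[1], encoding="utf-8") as fh:
            report = json.load(fh)
    else:
        report = sample_report()  # no arguments: run on the constructed sample
    count = annotate_sarif(report)
    if len(sys.argv) == 3:
        with open(sys.argv[2], "w", encoding="utf-8") as fh:
            json.dump(report, fh, indent=2)
    print(f"annotated {count} result(s)")
```

Only `message.text` is changed, so the `region` data stays in place for viewers that do read it.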
I have set up Robocop with Azure Pipelines for a Robot Framework repository.
I am generating a sarif report and am publishing it as a build artifact, so it shows up on the Scans tab of Azure Pipelines.
This all runs without issue, however I would like to see more data in the Scans tab.
When I download the report, it includes what line the problem is on, but I don't see the lines showing up in the Scans tab.
I know I can write a custom script to parse over all sarif entries with a location and edit the Message.Text to get it to show up in the message.text, but is there a way to configure the report or Azure to include the location line in the Scans tab?
Here's a sarif warning entry for context.