Skip to content

fix: support using sarif and json output files at the same time #5985

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 11, 2025
Merged

fix: support using sarif and json output files at the same time #5985

merged 1 commit into from
Jul 11, 2025
+90 −8

Conversation

CatalinSnyk
Copy link
Contributor

@CatalinSnyk CatalinSnyk commented Jun 20, 2025
edited by jira bot
Loading

Pull Request Submission Checklist

  • Follows CONTRIBUTING guidelines
  • Commit messages
    are release-note ready, emphasizing
    what was changed, not how.
  • Includes detailed description of changes
  • Contains risk assessment (Low | Medium | High)
  • Highlights breaking API changes (if applicable)
  • Links to automated tests covering new functionality
  • Includes manual testing instructions (if necessary)
  • Updates relevant GitBook documentation (PR link: ___)
  • Includes product update to be announced in the next stable release notes

What does this PR do?

This PR changes the behaviour of the golang native code test implementation to match the typescript implementation with regards to output file handling.

  1. It enables to specify and write two different files when specifying --sarif-file-output and --json-file-output.
  2. It mimics the behaviour where testing a code base without issues creates an empty sarif file for --sarif-file-output but doesn't create a file for --json-file-output.

Where should the reviewer start?

The main changes can be found in this GAF PR.
This PR also adds user journey tests for both cases and adapt the output configuration based on the new options.

How should this be manually tested?

Using --json-file-output and --sarif-file-output for code scans with CCI enabled should create two files like the parameters would specify. This can be compared to the old behaviour where only one file was being created.

What's the product update that needs to be communicated to CLI users?

  1. It enables to specify and write two different files when specifying --sarif-file-output and --json-file-output.
  2. It mimics the behaviour where testing a code base without issues creates an empty sarif file for --sarif-file-output but doesn't create a file for --json-file-output.

Risk assessment (Low | Medium | High)?

The Risk of the change is Low as it affects the rendering engine currently only used for CCI for which we have a good test coverage.

Ref: CLI-860
Ref: CLI-980

@snyk-io Snyk.io
Copy link

snyk-io bot commented Jun 20, 2025
edited
Loading

🎉 Snyk checks have passed. No issues have been found so far.

security/snyk check is complete. No issues have been found. (View Details)

license/snyk check is complete. No issues have been found. (View Details)

code/snyk check is complete. No issues have been found. (View Details)

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jun 20, 2025
edited
Loading

Warnings
⚠️

Since the CLI is unifying on a standard and improved tooling, we're starting to migrate old-style imports and exports to ES6 ones.
A file you've modified is using either module.exports or require(). If you can, please update them to ES6 import syntax and export syntax.
Files found:

  • test/jest/acceptance/snyk-code/snyk-code-user-journey.spec.ts

Generated by 🚫 dangerJS against 7f28efa

@CatalinSnyk CatalinSnyk force-pushed the fix/support-sarif-json-output-files-combination branch 2 times, most recently from 4a42fd8 to 38b9327 Compare June 25, 2025 07:26
@CatalinSnyk CatalinSnyk marked this pull request as ready for review June 25, 2025 07:27
@CatalinSnyk CatalinSnyk requested a review from a team as a code owner June 25, 2025 07:27
@PeterSchafer PeterSchafer force-pushed the fix/support-sarif-json-output-files-combination branch from d8d4373 to c2b9fdc Compare July 10, 2025 12:23
cursor[bot]

This comment was marked as outdated.

Sign in to view

cursor[bot]

This comment was marked as outdated.

Sign in to view

cursor[bot]

This comment was marked as outdated.

Sign in to view

@PeterSchafer PeterSchafer force-pushed the fix/support-sarif-json-output-files-combination branch 5 times, most recently from 217f0f9 to 5e6bfd0 Compare July 10, 2025 20:33
@PeterSchafer PeterSchafer force-pushed the fix/support-sarif-json-output-files-combination branch from 5e6bfd0 to 4ec7238 Compare July 11, 2025 12:31
@PeterSchafer PeterSchafer force-pushed the fix/support-sarif-json-output-files-combination branch from 4ec7238 to 7f28efa Compare July 11, 2025 12:46
@PeterSchafer PeterSchafer enabled auto-merge July 11, 2025 12:46
@PeterSchafer PeterSchafer merged commit 9b0259f into main Jul 11, 2025
9 checks passed
@PeterSchafer PeterSchafer deleted the fix/support-sarif-json-output-files-combination branch July 11, 2025 13:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cursor cursor[bot] cursor[bot] left review comments

@danlucian danlucian danlucian approved these changes

@j-luong j-luong j-luong approved these changes

@dotkas dotkas dotkas approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@CatalinSnyk @danlucian @j-luong @dotkas @PeterSchafer