diff --git a/.github/workflows/pr-merge-main.yml b/.github/workflows/pr-merge-main.yml
index e91acda..793bd22 100644
--- a/.github/workflows/pr-merge-main.yml
+++ b/.github/workflows/pr-merge-main.yml
@@ -83,8 +83,26 @@ jobs:
 uses: snyk/actions/gradle@0.4.0
 continue-on-error: true
 with:
- args: --org=${SNYK_ORG} --all-projects --exclude=$SNYK_TEST_EXCLUDE --sarif-file-output=snyk-report.sarif
+ args: --org=$SNYK_ORG --all-projects --exclude=$SNYK_TEST_EXCLUDE --sarif-file-output=snyk-report.sarif
+ - name: Fix undefined values
+ run: |
+ cat snyk-report.sarif | jq '
+ .runs[].tool[].rules[]
+ |= (
+ if .properties["security-severity"] == "undefined"
+ then .properties["security-severity"] =
+ ( if .shortDescription.text | test("(?i)critical") then "9.0"
+ elif .shortDescription.text | test("(?i)high") then "7.0"
+ elif .shortDescription.text | test("(?i)medium") then "4.0"
+ elif .shortDescription.text | test("(?i)low") then "0.1"
+ else ""
+ end
+ )
+ else .
+ end
+ )
+ ' > snyk-report-cleansed.sarif
 - name: Upload result to GitHub Code Scanning
 uses: github/codeql-action/upload-sarif@v3
 with:
- sarif_file: snyk-report.sarif
+ sarif_file: snyk-report-cleansed.sarif
diff --git a/.github/workflows/push-branch.yml b/.github/workflows/push-branch.yml
index c520b8c..037c26d 100644
--- a/.github/workflows/push-branch.yml
+++ b/.github/workflows/push-branch.yml
@@ -65,11 +65,6 @@ jobs:
 steps:
 - uses: actions/checkout@v3
- - name: Set up JDK 21
- uses: actions/setup-java@v3
- with:
- java-version: '21'
- distribution: 'temurin'
 - uses: snyk/actions/setup@0.4.0
 - name: Install snyk-delta
 run: |
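Review bot: The severity back-fill in the new `Fix undefined values` step classifies by plain substring, so `test("(?i)low")` also matches rule titles such as "Buffer Overflow" or "Allow …" and silently records them as `"0.1"` (likewise `(?i)high` matches "highlight"), and a rule whose `shortDescription.text` is absent makes `test` abort on null; bind the text once with `(.shortDescription.text // "") as $t` and anchor each keyword, e.g. `test("(?i)\\blow\\b")`. The path `.runs[].tool[].rules[]` iterates every value of the `tool` object rather than its `driver`; in SARIF 2.1.0 rules live under `runs[].tool.driver.rules` (optionally also `tool.extensions[].rules`), so a run carrying an `extensions` array, or a driver without `rules`, fails the whole step with a jq indexing error, whereas `.runs[].tool.driver.rules[]?` addresses the schema and is a no-op when the array is missing. Because the Snyk step just above is `continue-on-error: true` and nothing in the hunk sets `shell: bash` (so the default `bash -e` appears to run without `pipefail`), a missing `snyk-report.sarif` makes `cat` fail silently while `jq` exits 0 on empty input, producing an empty cleansed file whose failure only surfaces later in `upload-sarif`; pass the file to jq directly (`jq '…' snyk-report.sarif > snyk-report-cleansed.sarif`) so the step fails at the source. The job's `defaults` and the `SNYK_ORG` variable are defined outside this hunk, so the shell default is an inference to confirm.
```yaml
- name: Fix undefined values
  run: |
    jq '
      .runs[].tool.driver.rules[]?
      |= (
        if .properties["security-severity"] == "undefined"
        then .properties["security-severity"] =
          ( (.shortDescription.text // "") as $t
            | if   $t | test("(?i)\\bcritical\\b") then "9.0"
              elif $t | test("(?i)\\bhigh\\b")     then "7.0"
              elif $t | test("(?i)\\bmedium\\b")   then "4.0"
              elif $t | test("(?i)\\blow\\b")      then "0.1"
              else "" end )
        else . end
      )
    ' snyk-report.sarif > snyk-report-cleansed.sarif
```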