Ignore suppressed issues in sarif reports #1110

Merged
merged 6 commits into from
Nov 27, 2024

The-Jonsey
Contributor

Ignore suppressions in SARIF reports, as them being suppressed should exclude them from the violations, and related quality gates in the warnings ng plugin

Testing done

Unit tests were updated and was run against a jenkins instance passing in a sarif file with suppressions, which were ignored correctly

Submitter checklist

  • Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
  • Ensure that the pull request title represents the desired changelog entry
  • Please describe what you did
  • Link to relevant issues in GitHub or Jira
  • Link to relevant pull requests, esp. upstream and downstream changes
  • Ensure you have provided tests - that demonstrates feature works or fixes the issue
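What excluding suppressed SARIF results from the counted violations looks like, as an added example that is not the plugin's or violations-lib's code. The SARIF document is constructed, the function names are hypothetical, and the status handling is an assumption about SARIF 2.1.0: a suppression without `status` is treated as accepted, while `underReview` and `rejected` suppressions leave the result counted.

```python
import json

# Constructed SARIF 2.1.0 fragment (not taken from the pull request).
SAMPLE_SARIF = json.loads("""
{
  "version": "2.1.0",
  "runs": [{
    "tool": {"driver": {"name": "example-scanner"}},
    "results": [
      {"ruleId": "R1", "message": {"text": "open finding"}},
      {"ruleId": "R2", "message": {"text": "accepted in source"},
       "suppressions": [{"kind": "inSource"}]},
      {"ruleId": "R3", "message": {"text": "suppression still under review"},
       "suppressions": [{"kind": "external", "status": "underReview"}]},
      {"ruleId": "R4", "message": {"text": "suppression rejected"},
       "suppressions": [{"kind": "external", "status": "rejected"}]},
      {"ruleId": "R5", "message": {"text": "empty suppressions array"},
       "suppressions": []}
    ]
  }]
}
""")


def is_suppressed(result):
    """True only if at least one suppression on the result is accepted.

    Assumption: a suppression with no "status" counts as accepted;
    "underReview" and "rejected" do not suppress the result.
    """
    return any(
        s.get("status", "accepted") == "accepted"
        for s in result.get("suppressions") or []
    )


def split_results(sarif):
    """Return (active, suppressed) lists of ruleIds across all runs."""
    active, suppressed = [], []
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            bucket = suppressed if is_suppressed(result) else active
            bucket.append(result.get("ruleId"))
    return active, suppressed


if __name__ == "__main__":
    active, suppressed = split_results(SAMPLE_SARIF)
    print("counted toward quality gate:", active)
    print("ignored as suppressed:", suppressed)
```

Only the accepted suppression (R2) drops out; a finding whose suppression is pending or rejected, or whose `suppressions` array is empty, still counts toward the gate.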

@KalleOlaviNiemitalo

Upstream change tomasbjerre/violations-lib#156.

@uhafner uhafner added the enhancement Enhancement of existing functionality label Nov 26, 2024
@The-Jonsey
Contributor Author

The check failures all seem to be either unrelated test timeouts or dependency-check timing out repeatedly, not sure if there's anything that needs doing about that

Comment on lines 45 to 46
return !(violation.getSpecifics().containsKey("suppressed")
&& violation.getSpecifics().get("suppressed").equals("true"));
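Review bot: on the second line, `violation.getSpecifics().get("suppressed").equals("true")` dereferences the map value, so an entry whose key is present but whose value is null would throw a NullPointerException. Writing it as `"true".equals(violation.getSpecifics().get("suppressed"))` is null-safe and makes the `containsKey` check unnecessary. The comparison is also case-sensitive, so a value such as "True" would not be treated as suppressed and the violation would still count; a short comment stating that only the exact string "true" is expected would document that.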
Member

Simplify with getOrDefault("suppressed", "false")

Contributor Author

Fair point! updated to match

@uhafner
Member

uhafner commented Nov 26, 2024

> The check failures all seem to be either unrelated test timeouts or dependency-check timing out repeatedly, not sure if there's anything that needs doing about that

Thanks for noting, I forgot to remove the invocation from the pom.xml. This part of the build is now configured in a profile.

@uhafner
Member

uhafner commented Nov 27, 2024

I think I fixed the timeout problems now, can you please merge with main?

@uhafner uhafner merged commit 3693955 into jenkinsci:main Nov 27, 2024
13 checks passed
@The-Jonsey The-Jonsey deleted the feature/ignore-sarif-suppressions branch November 27, 2024 15:25