Sarif output should use the final schema version #2017
Assignees
Labels
Comments
|
Thank you for raising this issue. This seems to be fixed in go-sarif v2. TFLint uses go-sarif v1, so we will need to update it. |
|
I guess this doesn't have super high priority, I'm not eagerly awaiting this. I just came across it and thought it would maybe be nice to let you know |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary
When the sarif output is used it will use the schema https://json.schemastore.org/sarif-2.1.0-rtm.5.json which is apparently now deprecated because a final version was released. The correct schema should be https://json.schemastore.org/sarif-2.1.0.json.
Steps to reproduce:
I got the info from this validator which prints:
SARIF1011: The '$schema' property must refer to the final version of the SARIF 2.1.0 schema. This enables IDEs to provide Intellisense for SARIF log files. The SARIF standard was developed over several years, and many intermediate versions of the schema were produced. Now that the standard is final, only the OASIS standard version of the schema is valid.
Command
tflint -f=sarif
Terraform Configuration
TFLint Configuration
Output
{ "version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json", "runs": [ { "tool": { "driver": { "name": "tflint", "version": "0.50.3", "informationUri": "https://github.com/terraform-linters/tflint" } }, "results": [] }, { "tool": { "driver": { "name": "tflint-errors", "version": "0.50.3", "informationUri": "https://github.com/terraform-linters/tflint" } }, "results": [] } ] }TFLint Version
0.50.3
Terraform Version
No response
Operating System
The text was updated successfully, but these errors were encountered: