
Commit 49c0eed

🐛 SAST detect new GitHub app slug for CodeQL (#3591)
* Fix SAST no longer working for CodeQL The app slug for CodeQL appears to have changed from `github-advanced-security` to `github-code-scanning`, causing the SAST rule to false-negative on commits. Signed-off-by: martincostello <[email protected]> * Fix lint warning Fix lint warning. Signed-off-by: martincostello <[email protected]> --------- Signed-off-by: martincostello <[email protected]>
1 parent 4b8066a commit 49c0eed


2 files changed

+76
-2
lines changed


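--- a/checks/sast.go
+++ b/checks/sast.go
@@ -36,7 +36,12 @@ const CheckSAST = "SAST"
 
 var errInvalid = errors.New("invalid")
 
-var sastTools = map[string]bool{"github-code-scanning": true, "lgtm-com": true, "sonarcloud": true}
+var sastTools = map[string]bool{
+"github-advanced-security": true,
+"github-code-scanning": true,
+"lgtm-com": true,
+"sonarcloud": true,
+}
 
 var allowedConclusions = map[string]bool{"success": true, "neutral": true}
 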
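Review bot: The expanded sastTools map now carries two GitHub slugs for what the commit message describes as one product, but nothing in the code records why both coexist, so a later tidy-up could drop one and reintroduce the false negative this commit fixes. Add a doc comment above the map, e.g. `// sastTools maps check-run app slugs to whether the run counts as SAST tooling. CodeQL has reported under both "github-advanced-security" and "github-code-scanning" (the slug appears to have changed at some point), so both are kept.` Since the only gate visible here is the slug plus allowedConclusions, a further sentence noting that an unrecognised slug silently yields no SAST credit rather than an error would help the next maintainer diagnose a similar regression. The rest of the file lies outside the hunk.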
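--- a/checks/sast_test.go
+++ b/checks/sast_test.go
@@ -60,7 +60,53 @@ func Test_SAST(t *testing.T) {
 expected: checker.CheckResult{Score: -1},
 },
 {
-name: "Successful SAST checker should return success status",
+name: "Successful SAST checker should return success status for github-advanced-security",
+commits: []clients.Commit{
+{
+AssociatedMergeRequest: clients.PullRequest{
+MergedAt: time.Now().Add(time.Hour - 1),
+},
+},
+},
+searchresult: clients.SearchResponse{},
+checkRuns: []clients.CheckRun{
+{
+Status: "completed",
+Conclusion: "success",
+App: clients.CheckRunApp{
+Slug: "github-advanced-security",
+},
+},
+},
+expected: checker.CheckResult{
+Score: 10,
+},
+},
+{
+name: "Successful SAST checker should return success status for github-code-scanning",
+commits: []clients.Commit{
+{
+AssociatedMergeRequest: clients.PullRequest{
+MergedAt: time.Now().Add(time.Hour - 1),
+},
+},
+},
+searchresult: clients.SearchResponse{},
+checkRuns: []clients.CheckRun{
+{
+Status: "completed",
+Conclusion: "success",
+App: clients.CheckRunApp{
+Slug: "github-code-scanning",
+},
+},
+},
+expected: checker.CheckResult{
+Score: 10,
+},
+},
+{
+name: "Successful SAST checker should return success status for lgtm",
 commits: []clients.Commit{
 {
 AssociatedMergeRequest: clients.PullRequest{
@@ -82,6 +128,29 @@ func Test_SAST(t *testing.T) {
 Score: 10,
 },
 },
+{
+name: "Successful SAST checker should return success status for sonarcloud",
+commits: []clients.Commit{
+{
+AssociatedMergeRequest: clients.PullRequest{
+MergedAt: time.Now().Add(time.Hour - 1),
+},
+},
+},
+searchresult: clients.SearchResponse{},
+checkRuns: []clients.CheckRun{
+{
+Status: "completed",
+Conclusion: "success",
+App: clients.CheckRunApp{
+Slug: "sonarcloud",
+},
+},
+},
+expected: checker.CheckResult{
+Score: 10,
+},
+},
 {
 name: "Failed SAST checker should return success status",
 commits: []clients.Commit{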
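Review bot: The three new table entries repeat the same commits, searchresult and checkRuns fixtures verbatim and differ only in the name and the slug string, which makes the per-slug intent hard to see and means every future slug costs another twenty lines; a small helper that builds the successful check run for a given slug would keep each case to one distinct line. The new cases also copy `MergedAt: time.Now().Add(time.Hour - 1)`, a time just under an hour in the future; that is inherited from the existing lgtm case rather than introduced here, but it reads as if `-time.Hour` was intended, so it is worth confirming against what the check expects. The enclosing Test_SAST table starts and ends outside the hunks.
```go
// completedRun returns one completed, successful check run reported under slug.
func completedRun(slug string) []clients.CheckRun {
	return []clients.CheckRun{
		{
			Status:     "completed",
			Conclusion: "success",
			App:        clients.CheckRunApp{Slug: slug},
		},
	}
}

// … unchanged: commits and searchresult fixtures of each new case …
checkRuns: completedRun("github-advanced-security"),
```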
