Update snyk-container.yml

cjoergensen · Jul 8, 2024 · dec20d1 · dec20d1
1 parent 23feb16
commit dec20d1
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/.github/workflows/snyk-container.yml b/.github/workflows/snyk-container.yml
@@ -49,6 +49,13 @@ jobs:
       with:
         image: cjoergensendk/thrifty-elastic-alerting
         args: --file=./src/Worker/Dockerfile
+      # Replace any "null" security severity values with 0. The null value is used in the case
+      # of license-related findings, which do not do not indicate a security vulnerability.
+      # See https://github.com/github/codeql-action/issues/2187 for more context.
+    - name: Post process snyk sarif file  
+      run: |
+        sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk.sarif
+        
     - name: Upload result to GitHub Code Scanning
       uses: github/codeql-action/upload-sarif@v3
       with: