Draft
Conversation
MR2011
reviewed
Mar 5, 2026
| type ImportInput struct { | ||
| SARIFDocument string | ||
| ScannerName string | ||
| ServiceId int64 |
Collaborator
There was a problem hiding this comment.
Does this mean I import data only for the defined Service here?
Collaborator
Author
There was a problem hiding this comment.
Yeah was thinking that would be a way to scope import to a selected service
MR2011
reviewed
Mar 5, 2026
internal/app/sarif/importer.go
Outdated
| artifactUri := parsedResult.ArtifactUri | ||
|
|
||
| // Resolve asset | ||
| // For POC, we mock the asset resolution |
Collaborator
There was a problem hiding this comment.
I think the asset resolution is the crucial step that decides if we can import SARIF data easily or not. If I look at the example data:
"properties": { "PkgName": "example/lib", "InstalledVersion": "1.0.0", "VulnerabilityID": "CVE-2024-58251" }
The properties key includes the component that is affected by the CVE. However, Heureka doesn't store this information, meaning a mapping to ComponentInstance is not possible.
michalkrzyz
reviewed
Mar 5, 2026
Collaborator
michalkrzyz
left a comment
michalkrzyz
left a comment
There was a problem hiding this comment.
seems good to me. Still I cannot imagine much how it is going to be integrated from the existing code. Let's see it.
tsim-sap
force-pushed
the
tsim-sap/issue-1059/support-sarif
branch
2 times, most recently
from
2cce21b to
a06aabd
Compare
tsim-sap
force-pushed
the
tsim-sap/issue-1059/support-sarif
branch
from
a06aabd to
9afd73a
Compare
tsim-sap
force-pushed
the
tsim-sap/issue-1059/support-sarif
branch
from
9afd73a to
ab48bad
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Please include a summary of the changes and the related issue. Please also include relevant motivation and context. List any dependencies that are required for this change.
What type of PR is this? (check all applicable)
Related Tickets & Documents
Added tests?
Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration
Added to documentation?
Checklist