SARIF location uri fields should not be empty

rkoster · git · commit dfeaf43fc31f · 2024-05-16T18:12:46.000Z
microsoft/sarif-sdk#2770
diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml
@@ -28,6 +28,13 @@ jobs:
         format: sarif
         output: trivy-results.sarif
 
+    - name: Fix SARIF file uri files
+      run: |
+        jq '.runs | map(.results | map(.locations
+          | map(.physicalLocaion.artifactLocation.uri = "file:///sbom.spdx.json")))' \
+          trivy-results.sarif > tmp.sarif
+        mv tmp.sarif trivy-results.sarif
+
     - uses: actions/upload-artifact@v4
       with:
         name: sbom
