update report publishing

farrell-m · farrell-m · commit 90130c0f21d3 · 2025-01-06T15:11:53.000Z
diff --git a/.github/workflows/pr-merge-main.yml b/.github/workflows/pr-merge-main.yml
@@ -83,8 +83,26 @@ jobs:
         uses: snyk/actions/gradle@0.4.0
         continue-on-error: true
         with:
-          args: --org=${SNYK_ORG} --all-projects --exclude=$SNYK_TEST_EXCLUDE --sarif-file-output=snyk-report.sarif
+          args: --org=$SNYK_ORG --all-projects --exclude=$SNYK_TEST_EXCLUDE --sarif-file-output=snyk-report.sarif
+      - name: Fix undefined values
+        run: |
+          cat snyk-report.sarif | jq '
+              .runs[].tool[].rules[]
+              |= (
+                  if .properties["security-severity"] == "undefined"
+                  then .properties["security-severity"] =
+                   (  if .shortDescription.text | test("(?i)critical") then "9.0"
+                      elif .shortDescription.text | test("(?i)high") then "7.0"
+                      elif .shortDescription.text | test("(?i)medium") then "4.0"
+                      elif .shortDescription.text | test("(?i)low") then "0.1"
+                      else ""
+                      end
+                   )
+                   else .
+                   end
+               )
+          ' > snyk-report-cleansed.sarif
       - name: Upload result to GitHub Code Scanning
         uses: github/codeql-action/upload-sarif@v3
         with:
-          sarif_file: snyk-report.sarif
+          sarif_file: snyk-report-cleansed.sarif
diff --git a/.github/workflows/push-branch.yml b/.github/workflows/push-branch.yml
@@ -65,11 +65,6 @@ jobs:
 
     steps:
       - uses: actions/checkout@v3
-      - name: Set up JDK 21
-        uses: actions/setup-java@v3
-        with:
-          java-version: '21'
-          distribution: 'temurin'
       - uses: snyk/actions/setup@0.4.0
       - name: Install snyk-delta
         run: |
