jfrog 2.50.1 - Invalid SARIF file for GHAS upload

[rseeton]

Describe the bug

Hello all,

The current jfrog release (2.50.1) produces an invalid SARIF 2.1.0 file when running a scan:

jf scan --format sarif

The resulting SARIF file is invalid per to the validator SARIF 2.1.0 validation ( https://www.jsonschemavalidator.net/ )

"shortDescription": null,

Invalid type. Expected Object but got Null.
Schema path:
https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json#/definitions/multiformatMessageString/type

The generated file cannot be loaded to GHAS. This was working with the 2.48 CLI.

Current behavior

Generated SARIF file fails validation:

"shortDescription": null,

Invalid type. Expected Object but got Null.
Schema path:
https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json#/definitions/multiformatMessageString/type

Reproduction steps

Generate SARIF file using jfrog cli:

jf scan --format sarif > TEST.sarif

Paste TEST.sarif file to the https://www.jsonschemavalidator.net/

Expected behavior

Validation should be error free.

JFrog CLI version

jf version 2.50.1

Operating system type and version

Centos 8

JFrog Artifactory version

"version" : "7.55.10"

JFrog Xray version

{"xray_version":"3.65.2","xray_revision":"bca527a"}

[rseeton]

This is a continuation of our testing of the issues raised in #2135

[attiasas]

Hi @rseeton,

Thank you for bringing this issue to our attention. This bug is already a known issue, and we have addressed and fixed it in this pull request: jfrog/jfrog-cli-core#996

The fix will be included in the next release of the CLI. Your feedback is much appreciated.

[rseeton]

jfrog-cli 2.50.2 produces a clean SARIF file, thanks!