Merge pull request #6487 from snyk/fix/cli-1266_sarifRunAutomationDetailsId

fix: ensure sarif runAutomationDetails ID is unique

Author: PeterSchafer

src/lib/formatters/iac-output/sarif.ts

@@ -23,8 +23,9 @@ export function createSarifOutputForIac(
 ): sarif.Log {
   // If the CLI scans a singular file, then the base path is the current working directory
   // Otherwise it's the computed path
-  const basePath = isLocalFolder(iacTestResponses[0].path)
-    ? pathLib.resolve('.', iacTestResponses[0].path)
+  const index = 0;
+  const basePath = isLocalFolder(iacTestResponses[index].path)
+    ? pathLib.resolve('.', iacTestResponses[index].path)
     : pathLib.resolve('.');
   let repoRoot: string;
   try {
@@ -61,8 +62,10 @@ export function createSarifOutputForIac(
     },
   };
 
-  const projectName = iacTestResponses[0].projectName;
-  const projectIdentifier = projectName ? `${projectName}/` : '';
+  const projectName = iacTestResponses[index].projectName;
+  const projectIdentifier = projectName
+    ? `${projectName}/${index}/`
+    : `${index}/`;
 
   return {
     $schema:

src/lib/formatters/open-source-sarif-output.ts

@@ -26,29 +26,33 @@ export function createSarifOutputForOpenSource(
     $schema:
       'https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/schemas/sarif-schema-2.1.0.json',
     version: '2.1.0',
-    runs: testResults.map(replaceLockfileWithManifest).map((testResult) => {
-      const projectName = testResult?.projectName;
-      const projectIdentifier = projectName ? `${projectName}/` : '';
+    runs: testResults
+      .map(replaceLockfileWithManifest)
+      .map((testResult, index) => {
+        const projectName = testResult?.projectName;
+        const projectIdentifier = projectName
+          ? `${projectName}/${index}/`
+          : `${index}/`;
 
-      return {
-        tool: {
-          driver: {
-            name: 'Snyk Open Source',
-            semanticVersion: getVersion(),
-            version: getVersion(),
-            informationUri: 'https://docs.snyk.io/',
-            properties: {
-              artifactsScanned: testResult.dependencyCount,
+        return {
+          tool: {
+            driver: {
+              name: 'Snyk Open Source',
+              semanticVersion: getVersion(),
+              version: getVersion(),
+              informationUri: 'https://docs.snyk.io/',
+              properties: {
+                artifactsScanned: testResult.dependencyCount,
+              },
+              rules: getRules(testResult),
             },
-            rules: getRules(testResult),
           },
-        },
-        automationDetails: {
-          id: `Snyk/Open Source/${projectIdentifier}${new Date().toISOString()}`,
-        },
-        results: getResults(testResult),
-      };
-    }),
+          automationDetails: {
+            id: `Snyk/Open Source/${projectIdentifier}${new Date().toISOString()}`,
+          },
+          results: getResults(testResult),
+        };
+      }),
   };
 }
 

src/lib/formatters/sarif-output.ts

@@ -15,9 +15,11 @@ export function createSarifOutputForContainers(
     runs: [],
   };
 
-  testResults.forEach((testResult) => {
+  testResults.forEach((testResult, index) => {
     const projectName = testResult.projectName;
-    const projectIdentifier = projectName ? `${projectName}/` : '';
+    const projectIdentifier = projectName
+      ? `${projectName}/${index}/`
+      : `${index}/`;
     sarifRes.runs.push({
       tool: getTool(testResult),
       results: getResults(testResult),

test/fixtures/docker/sarif-container-result.json

@@ -67,7 +67,7 @@
         }
       ],
       "automationDetails": {
-        "id": "Snyk/Container/docker-image|snyk/kubernetes-monitor/2025-01-01T00:00:00.000Z"
+        "id": "Snyk/Container/docker-image|snyk/kubernetes-monitor/0/2025-01-01T00:00:00.000Z"
       }
     }
   ]

test/fixtures/docker/sarif-with-file-container-result.json

@@ -67,7 +67,7 @@
         }
       ],
       "automationDetails": {
-        "id": "Snyk/Container/docker-image|snyk/kubernetes-monitor/2025-01-01T00:00:00.000Z"
+        "id": "Snyk/Container/docker-image|snyk/kubernetes-monitor/0/2025-01-01T00:00:00.000Z"
       }
     }
   ]

test/jest/unit/lib/formatters/__snapshots__/open-source-sarif-output.spec.ts.snap

@@ -6,7 +6,7 @@ exports[`createSarifOutputForOpenSource general 1`] = `
   "runs": [
     {
       "automationDetails": {
-        "id": "Snyk/Open Source/PROJECT_NAME/2025-01-01T00:00:00.000Z",
+        "id": "Snyk/Open Source/PROJECT_NAME/0/2025-01-01T00:00:00.000Z",
       },
       "results": [
         {

test/jest/unit/lib/formatters/__snapshots__/sarif-output.spec.ts.snap

@@ -6,7 +6,7 @@ exports[`createSarifOutputForContainers general with critical severity issue wit
   "runs": [
     {
       "automationDetails": {
-        "id": "Snyk/Container/PROJECT_NAME/2025-01-01T00:00:00.000Z",
+        "id": "Snyk/Container/PROJECT_NAME/0/2025-01-01T00:00:00.000Z",
       },
       "results": [
         {
@@ -103,7 +103,7 @@ exports[`createSarifOutputForContainers general with critical severity issue wit
   "runs": [
     {
       "automationDetails": {
-        "id": "Snyk/Container/PROJECT_NAME/2025-01-01T00:00:00.000Z",
+        "id": "Snyk/Container/PROJECT_NAME/0/2025-01-01T00:00:00.000Z",
       },
       "results": [
         {
@@ -199,7 +199,7 @@ exports[`createSarifOutputForContainers general with high severity issue 1`] = `
   "runs": [
     {
       "automationDetails": {
-        "id": "Snyk/Container/PROJECT_NAME/2025-01-01T00:00:00.000Z",
+        "id": "Snyk/Container/PROJECT_NAME/0/2025-01-01T00:00:00.000Z",
       },
       "results": [
         {