Empty/Undetected Tool Results
Some tools will output empty files if no results were found, which cannot be detected by
Software Risk Manager as any particular format. This will prevent resolution of findings
in Software Risk Manager if the tool had previously generated results. This can also
occur if your results file begins with mostly build errors, which Software Risk Manager
cannot use to recognize a given file format. For tools that may output empty results
files or files with many errors, you can add a Software Risk Manager–specific header to
the file:
##tool = XThis will force Software Risk Manager to recognize the given file as though it came from
the specified tool
X. The name of the tool is case-sensitive. This is
supported for the following tools:| Tool | Header Value |
|---|---|
| AWS Security Hub | AWS Security Hub |
| Clippy (clippy-driver) | Clippy |
| ErrCheck | ErrCheck |
| Error Prone | error-prone |
| GoCyclo | GoCyclo |
| GoLint | GoLint |
| GoSec | GoSec |
| IneffAssign | IneffAssign |
| Jlint | Jlint |
| JSHint | JSHint |
| Microsoft Code Analysis | Microsoft Code Analysis |
| Pylint | Pylint |
| SafeSQL | SafeSQL |
| Semgrep | Semgrep |
| Staticcheck | Staticcheck |
| TruffleHog | TruffleHog |
Vet (go vet) |
Vet |
For example
##tool = GoCyclo
...This file will always be detected as a gocyclo results file.