@cedricbu cedricbu requested a review from a team as a code owner September 26, 2025 15:17
@cedricbu
Collaborator Author

Quick additional notes:

  • This is probably the first of several PRs: if the PR is accepted, ideally, the same test will be added in other compatible scanners
  • I actually didn't manage to find an easy way to run the full patched e2e code locally, so there may be issues with the code itself (typos, etc.)
  • Currently, the ZAP e2e sanity test is done against the ZAP native report. It would probably make sense to remove that native report and make those sanity tests against the SARIF one

@sfowl
Collaborator

sfowl commented Sep 29, 2025

> I actually didn't manage to find an easy way to run the full patched e2e code locally, so there may be issues with the code itself (typos, etc.)

This seems to have run and passed, so it looks like it's issue free! We should have better docs on this though, that's probably on me for not yet writing something like an e2e-tests/README.md.

> Currently, the ZAP e2e sanity test is done against the ZAP native report. It would probably make sense to remove that native report and make those sanity tests against the SARIF one

Against the custom SARIF report made by rapidast? I agree there's probably more value in testing that one. If it's cheap to run, is it worth testing both?

@cedricbu cedricbu merged commit d03a4a2 into RedHatProductSecurity:development Sep 30, 2025
10 checks passed