Weird Characters in GitHub Advanced Security

[obounaim]

Description

For some findings, Trivy is creating entries in Github Advanced Security with weird characters.

Example:

Image user should not be 'root'
Elasticsearch domain isn't encrypted at rest.
'apk add' is missing '--no-cache'
Runs with GID <= 10000

Desired Behavior

Trivy should created entries with human readable characters.

Actual Behavior

Loot at the description

Reproduction Steps

Setup Trivy scan and push to Github Advance Security

Target

Filesystem

Scanner

Misconfiguration

Output Format

SARIF

Mode

Standalone

Debug Output

v0.58.2

Operating System

Github Action Ubuntu 22.04

Version

v0.58.2

Checklist

• Run trivy clean --all
• Read the troubleshooting

[DmitriyLewen]

Hello @obounaim
Thanks for your report.

We removed escaping for some fields in sarif report (see #5897)

Can you share an example for your case and we will look into it?

[obounaim]

@DmitriyLewen , I already shared some examples in my initial message.
Or do you mean something else.

[DmitriyLewen]

I mean file (or part of it) in sarif format with these values.
I need to understand which json fields contain these values.

[obounaim]

Emm, I am not sure if I can get the file, it was generate by a CI job and pushed to Github Advanced Security.

[DmitriyLewen]

maybe you know an image for this case