feat(general): update the SARIF schema URL.

Linked to oasis-tcs/sarif-spec#599

checkov/common/output/sarif.py

@@ -42,7 +42,7 @@ def __init__(self, reports: list[Report], tool: str | None) -> None:
 
     def create_json(self) -> dict[str, Any]:
         return {
-            "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+            "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
             "version": "2.1.0",
             "runs": self._create_runs(),
         }

docs/8.Outputs/SARIF.md

@@ -13,7 +13,7 @@ It can be used to show alerts in your GitHub repository as a part of the code sc
 A typical output looks like this
 ```json
 {
-  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
   "version": "2.1.0",
   "runs": [
     {

tests/common/output/test_sarif_report.py

@@ -56,7 +56,7 @@ def test_valid_passing_valid_testcases(self):
         self.assertDictEqual(
             sarif.json,
             {
-                "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+                "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
                 "version": "2.1.0",
                 "runs": [
                     {
@@ -345,7 +345,7 @@ def test_non_url_guideline_link(self):
         self.assertDictEqual(
             sarif.json,
             {
-                "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+                "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
                 "version": "2.1.0",
                 "runs": [
                     {

tests/openapi/runner/resources/runner_results/results.sarif

@@ -1 +1 @@
-{"$schema":"https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json","version":"2.1.0","runs":[{"results":[{"ruleId":"CKV_OPENAPI_4","ruleIndex":0,"level":"error","attachments":[],"message":{"text":"Ensure that the global security field has rules defined"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"v2/swagger_empty_paths.yaml"},"region":{"startLine":2,"endLine":16}}}]},{"ruleId":"CKV_OPENAPI_1","ruleIndex":1,"level":"error","attachments":[],"message":{"text":"Ensure that securityDefinitions is defined and not empty - version 2.0 files"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"v2/swagger_empty_paths.yaml"},"region":{"startLine":2,"endLine":16}}}]},{"ruleId":"CKV_OPENAPI_4","ruleIndex":0,"level":"error","attachments":[],"message":{"text":"Ensure that the global security field has rules defined"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"v2/example.yml"},"region":{"startLine":1,"endLine":13}}}]},{"ruleId":"CKV_OPENAPI_1","ruleIndex":1,"level":"error","attachments":[],"message":{"text":"Ensure that securityDefinitions is defined and not empty - version 2.0 files"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"v2/example.yml"},"region":{"startLine":1,"endLine":13}}}]},{"ruleId":"CKV_OPENAPI_4","ruleIndex":0,"level":"error","attachments":[],"message":{"text":"Ensure that the global security field has rules defined"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"v2/example1.json"},"region":{"startLine":1,"endLine":39}}}]},{"ruleId":"CKV_OPENAPI_4","ruleIndex":0,"level":"error","attachments":[],"message":{"text":"Ensure that the global security field has rules defined"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"v2/example.json"},"region":{"startLine":1,"endLine":20}}}]},{"ruleId":"CKV_OPENAPI_1","ruleIndex":1,"level":"error","attachments":[],"message":{"text":"Ensure that securityDefinitions is defined and not empty - version 2.0 files"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"v2/example.json"},"region":{"startLine":1,"endLine":1}}}]},{"ruleId":"CKV_OPENAPI_4","ruleIndex":0,"level":"error","attachments":[],"message":{"text":"Ensure that the global security field has rules defined"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"v3/example.yaml"},"region":{"startLine":1,"endLine":16}}}]},{"ruleId":"CKV_OPENAPI_3","ruleIndex":2,"level":"error","attachments":[],"message":{"text":"Ensure that security schemes don't allow cleartext credentials over unencrypted channel - version 3.x.y files"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"v3/example.yaml"},"region":{"startLine":8,"endLine":11}}}]},{"ruleId":"CKV_OPENAPI_4","ruleIndex":0,"level":"error","attachments":[],"message":{"text":"Ensure that the global security field has rules defined"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"v3/example1.json"},"region":{"startLine":1,"endLine":8}}}]},{"ruleId":"CKV_OPENAPI_4","ruleIndex":0,"level":"error","attachments":[],"message":{"text":"Ensure that the global security field has rules defined"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"v3/example.json"},"region":{"startLine":1,"endLine":28}}}]},{"ruleId":"CKV_OPENAPI_3","ruleIndex":2,"level":"error","attachments":[],"message":{"text":"Ensure that security schemes don't allow cleartext credentials over unencrypted channel - version 3.x.y files"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"v3/example1.yaml"},"region":{"startLine":10,"endLine":13}}}]}]}]}
+{"$schema":"https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json","version":"2.1.0","runs":[{"results":[{"ruleId":"CKV_OPENAPI_4","ruleIndex":0,"level":"error","attachments":[],"message":{"text":"Ensure that the global security field has rules defined"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"v2/swagger_empty_paths.yaml"},"region":{"startLine":2,"endLine":16}}}]},{"ruleId":"CKV_OPENAPI_1","ruleIndex":1,"level":"error","attachments":[],"message":{"text":"Ensure that securityDefinitions is defined and not empty - version 2.0 files"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"v2/swagger_empty_paths.yaml"},"region":{"startLine":2,"endLine":16}}}]},{"ruleId":"CKV_OPENAPI_4","ruleIndex":0,"level":"error","attachments":[],"message":{"text":"Ensure that the global security field has rules defined"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"v2/example.yml"},"region":{"startLine":1,"endLine":13}}}]},{"ruleId":"CKV_OPENAPI_1","ruleIndex":1,"level":"error","attachments":[],"message":{"text":"Ensure that securityDefinitions is defined and not empty - version 2.0 files"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"v2/example.yml"},"region":{"startLine":1,"endLine":13}}}]},{"ruleId":"CKV_OPENAPI_4","ruleIndex":0,"level":"error","attachments":[],"message":{"text":"Ensure that the global security field has rules defined"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"v2/example1.json"},"region":{"startLine":1,"endLine":39}}}]},{"ruleId":"CKV_OPENAPI_4","ruleIndex":0,"level":"error","attachments":[],"message":{"text":"Ensure that the global security field has rules defined"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"v2/example.json"},"region":{"startLine":1,"endLine":20}}}]},{"ruleId":"CKV_OPENAPI_1","ruleIndex":1,"level":"error","attachments":[],"message":{"text":"Ensure that securityDefinitions is defined and not empty - version 2.0 files"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"v2/example.json"},"region":{"startLine":1,"endLine":1}}}]},{"ruleId":"CKV_OPENAPI_4","ruleIndex":0,"level":"error","attachments":[],"message":{"text":"Ensure that the global security field has rules defined"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"v3/example.yaml"},"region":{"startLine":1,"endLine":16}}}]},{"ruleId":"CKV_OPENAPI_3","ruleIndex":2,"level":"error","attachments":[],"message":{"text":"Ensure that security schemes don't allow cleartext credentials over unencrypted channel - version 3.x.y files"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"v3/example.yaml"},"region":{"startLine":8,"endLine":11}}}]},{"ruleId":"CKV_OPENAPI_4","ruleIndex":0,"level":"error","attachments":[],"message":{"text":"Ensure that the global security field has rules defined"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"v3/example1.json"},"region":{"startLine":1,"endLine":8}}}]},{"ruleId":"CKV_OPENAPI_4","ruleIndex":0,"level":"error","attachments":[],"message":{"text":"Ensure that the global security field has rules defined"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"v3/example.json"},"region":{"startLine":1,"endLine":28}}}]},{"ruleId":"CKV_OPENAPI_3","ruleIndex":2,"level":"error","attachments":[],"message":{"text":"Ensure that security schemes don't allow cleartext credentials over unencrypted channel - version 3.x.y files"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"v3/example1.yaml"},"region":{"startLine":10,"endLine":13}}}]}]}]}

tests/sca_image/test_output_reports.py

@@ -155,7 +155,7 @@ def test_sarif_output(sca_image_report_scope_function):
     # then
     sarif_output["runs"][0]["tool"]["driver"]["version"] = "2.0.x"
     expected_sarif_json = {
-        "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+        "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
         "version": "2.1.0",
         "runs": [
             {

tests/sca_package_2/test_output_reports.py

@@ -317,7 +317,7 @@ def test_sarif_output(sca_package_report_2_with_skip_scope_function):
     # then
     sarif_output["runs"][0]["tool"]["driver"]["version"] = "2.0.x"
     expected_sarif_json = {
-        "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+        "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
         "version": "2.1.0",
         "runs": [
             {