fix: support 2.3.0 multi-arch image scan results #77

Merged
carlosmmatos merged 4 commits into main from fix--2.3.0
Apr 14, 2026

@ryanjpayne
Contributor

FCS CLI 2.3.x Multi-Architecture Support

Changes

  • Auto-discover output files: Parse FCS CLI output for "Results saved to file:" messages instead of guessing file patterns
  • Multi-arch support: Automatically handle multiple report files from multi-arch image scans
  • SARIF conversion: Convert all architecture variants to SARIF when requested
  • Fix output_path default: Remove "./" default that broke image scans; allow CLI defaults when omitted

Technical Details

  • Modified execute_fcs_cli() to capture CLI output using tee while preserving exit codes
  • Rewrote convert_json_to_sarif() to parse CLI output instead of using file pattern matching
  • Updated action.yml to remove problematic default and improve description
  • Added comprehensive documentation for FCS CLI 2.3.x multi-arch scanning

@carlosmmatos
Contributor

Pulled out the fallback path in convert_json_to_sarif. It only checked -d (directory), so file-based output_path values — which is the common image scan case — were silently skipped. The stdout-parsing path handles discovery fine on its own, so this was just dead weight.

Now it logs a warning if the CLI output file is missing. Also removed Tests 16-18 and the test_sarif_discovery_fallback helper since they tested the removed code. The 4 primary path tests still pass.
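
The approach discussed in the two comments above (capture the CLI output through tee while keeping the scanner's exit status, then discover report files from the "Results saved to file:" messages and warn when something is missing), as an added POSIX shell example that is not code from this repository. The function names `run_and_capture`, `discover_result_files` and `fake_scan`, the sample output lines and the exit status 3 are constructed for illustration.

```shell
#!/bin/sh
# Added example: the function names here are hypothetical, not the action's own.

# Run a command, mirror its combined output to the console and to log file $1,
# and return the command's own exit status rather than tee's.
run_and_capture() {
    log=$1; shift
    rc_file=$(mktemp)
    # "|| st=$?" keeps this safe when the caller runs under "set -e".
    { st=0; "$@" 2>&1 || st=$?; echo "$st" > "$rc_file"; } | tee "$log"
    rc=$(cat "$rc_file"); rm -f "$rc_file"
    return "$rc"
}

# Print every report path announced in the captured log that exists on disk;
# warn on stderr when the log or an announced report is missing.
discover_result_files() {
    log=$1
    if [ ! -f "$log" ]; then
        echo "WARNING: CLI output file '$log' not found" >&2
        return 0
    fi
    sed -n 's/.*Results saved to file:[[:space:]]*//p' "$log" |
        sed 's/[[:space:]]*$//' |
        while IFS= read -r report; do
            if [ -f "$report" ]; then
                printf '%s\n' "$report"
            else
                echo "WARNING: announced report '$report' is missing" >&2
            fi
        done
}

# Constructed stand-in for a multi-arch scan: writes one report, announces
# two, and exits 3 (an arbitrary non-zero status chosen for the demo).
fake_scan() {
    echo '{}' > "$1/report amd64.json"
    echo "Results saved to file: $1/report amd64.json"
    echo "Results saved to file: $1/report-arm64.json"
    return 3
}

work=$(mktemp -d)
status=0
run_and_capture "$work/cli.log" fake_scan "$work" > /dev/null || status=$?
echo "scan exit status: $status"
discover_result_files "$work/cli.log"
rm -rf "$work"
```

Reading the paths line by line keeps report names that contain spaces intact, and a missing report produces a warning instead of a silent skip, so a gap in SARIF coverage is visible in the job log.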

@carlosmmatos left a comment
Contributor

Waiting for GA then we can merge

ryanjpayne and others added 4 commits April 14, 2026 20:11
The fallback path only checked -d (directory), silently failing for
file-based output_path values which is the common image scan case.
Since the primary stdout-parsing path handles discovery reliably,
replace the fallback with a simple warning log.
@carlosmmatos marked this pull request as ready for review April 14, 2026 20:11
@carlosmmatos merged commit c891641 into main Apr 14, 2026
3 checks passed
@carlosmmatos deleted the fix--2.3.0 branch April 14, 2026 20:13