update expected trivy sarif

andrzej-janczak · andrzej-janczak · commit 568171dba7a3 · 2025-06-13T12:11:45.000+02:00
diff --git a/plugins/tools/trivy/test/expected.sarif b/plugins/tools/trivy/test/expected.sarif
@@ -1,52 +1,79 @@
 {
-  "version": "2.1.0",
   "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
   "runs": [
     {
-      "tool": {
-        "driver": {
-          "fullName": "Trivy Vulnerability Scanner",
-          "informationUri": "https://github.com/aquasecurity/trivy",
-          "name": "Trivy",
-          "rules": null,
-          "version": "0.59.1"
+      "columnKind": "utf16CodeUnits",
+      "originalUriBaseIds": {
+        "ROOTPATH": {
+          "uri": "file:///plugins/tools/trivy/test/src/"
         }
       },
       "results": [
         {
-          "ruleId": "CVE-2024-21538",
-          "ruleIndex": 0,
           "level": "error",
+          "locations": [
+            {
+              "message": {
+                "text": "package-lock.json: cross-spawn@7.0.3"
+              },
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "package-lock.json",
+                  "uriBaseId": "ROOTPATH"
+                },
+                "region": {
+                  "endColumn": 1,
+                  "endLine": 527,
+                  "startColumn": 1,
+                  "startLine": 515
+                }
+              }
+            }
+          ],
           "message": {
             "text": "Package: cross-spawn\nInstalled Version: 7.0.3\nVulnerability CVE-2024-21538\nSeverity: HIGH\nFixed Version: 7.0.5, 6.0.6\nLink: [CVE-2024-21538](https://avd.aquasec.com/nvd/cve-2024-21538)"
           },
+          "ruleId": "CVE-2024-21538",
+          "ruleIndex": 1
+        },
+        {
+          "level": "note",
           "locations": [
             {
+              "message": {
+                "text": "package-lock.json: brace-expansion@1.1.11"
+              },
               "physicalLocation": {
                 "artifactLocation": {
                   "uri": "package-lock.json",
                   "uriBaseId": "ROOTPATH"
                 },
                 "region": {
-                  "startLine": 515,
+                  "endColumn": 1,
+                  "endLine": 357,
                   "startColumn": 1,
-                  "endLine": 527,
-                  "endColumn": 1
+                  "startLine": 349
                 }
-              },
-              "message": {
-                "text": "package-lock.json: cross-spawn@7.0.3"
               }
             }
-          ]
+          ],
+          "message": {
+            "text": "Package: brace-expansion\nInstalled Version: 1.1.11\nVulnerability CVE-2025-5889\nSeverity: LOW\nFixed Version: 2.0.2, 1.1.12, 3.0.1, 4.0.1\nLink: [CVE-2025-5889](https://avd.aquasec.com/nvd/cve-2025-5889)"
+          },
+          "ruleId": "CVE-2025-5889",
+          "ruleIndex": 0
         }
       ],
-      "columnKind": "utf16CodeUnits",
-      "originalUriBaseIds": {
-        "ROOTPATH": {
-          "uri": "file:///plugins/tools/trivy/test/src/"
+      "tool": {
+        "driver": {
+          "fullName": "Trivy Vulnerability Scanner",
+          "informationUri": "https://github.com/aquasecurity/trivy",
+          "name": "Trivy",
+          "rules": null,
+          "version": "0.59.1"
         }
       }
     }
-  ]
+  ],
+  "version": "2.1.0"
 }
