@eurekadevsecops/radar 1.9.8 → 1.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/.config/release-please/manifest.json +1 -1
  2. package/CHANGELOG.md +7 -0
  3. package/package.json +1 -1
  4. package/src/util/sarif/transforms/normalize.js +12 -2
package/.config/release-please/manifest.json CHANGED
@@ -1,3 +1,3 @@
1
1
  {
2
- ".": "1.9.8"
2
+ ".": "1.10.0"
3
3
  }
package/CHANGELOG.md CHANGED
@@ -1,5 +1,12 @@
1
1
  # Changelog
2
2
 
3
+ ## [1.10.0](https://github.com/EurekaDevSecOps/radarctl/compare/v1.9.8...v1.10.0) (2026-02-25)
4
+
5
+
6
+ ### Improvements
7
+
8
+ * **PE-961:** Job path from Managed Scan runner being included in vulnerability results ([#63](https://github.com/EurekaDevSecOps/radarctl/issues/63)) ([f014598](https://github.com/EurekaDevSecOps/radarctl/commit/f0145985152b4d5cb5af7d10de7981777ce40ce4))
9
+
3
10
  ## [1.9.8](https://github.com/EurekaDevSecOps/radarctl/compare/v1.9.7...v1.9.8) (2026-02-19)
4
11
 
5
12
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@eurekadevsecops/radar",
3
- "version": "1.9.8",
3
+ "version": "1.10.0",
4
4
  "description": "Radar is an open-source orchestrator of security scanners.",
5
5
  "homepage": "https://www.eurekadevsecops.com/radar",
6
6
  "keywords": [
package/src/util/sarif/transforms/normalize.js CHANGED
@@ -1,5 +1,9 @@
1
1
  const path = require('node:path')
2
2
  module.exports = (sarif, dir, git, root) => {
3
+ // Pattern matches managed scanner temporary job directories:
4
+ // Format: /app/jobs/{uuid}/repo-{timestamp}/
5
+ // Example: /app/jobs/830f53a2-5f0c-4565-a262-607dfcd4d5e1/repo-1771653645/
6
+ const MANAGED_SCANNER_JOB_PREFIX = /^\/app\/jobs\/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\/repo-\d+\//
3
7
  // Normalize findings.
4
8
  for (const run of sarif.runs) {
5
9
 
@@ -19,8 +23,14 @@ module.exports = (sarif, dir, git, root) => {
19
23
  // (or if the root is not available then to the scan directory)
20
24
  if (!run.results) continue
21
25
  for (const result of run.results) {
22
- for (const location of result.locations) {
23
- if (location.physicalLocation?.artifactLocation?.uri?.startsWith('/app')) {
26
+ for (const location of result.locations) {
27
+ if (location.physicalLocation?.artifactLocation?.uri?.match(MANAGED_SCANNER_JOB_PREFIX)) {
28
+ let file = location.physicalLocation.artifactLocation.uri.replace(MANAGED_SCANNER_JOB_PREFIX, '')
29
+ if (subfolder) file = path.join(subfolder, file)
30
+ if (result?.message?.text) result.message.text = result.message.text.replace(location.physicalLocation.artifactLocation.uri, file)
31
+ location.physicalLocation.artifactLocation.uri = file
32
+ }
33
+ else if (location.physicalLocation?.artifactLocation?.uri?.startsWith('/app')) {
24
34
  let file = path.join(subfolder, path.relative('/app', location.physicalLocation.artifactLocation.uri))
25
35
  if (result?.message?.text) result.message.text = result.message.text.replace(location.physicalLocation.artifactLocation.uri, file)
26
36
  location.physicalLocation.artifactLocation.uri = file