False positive detection of binary file for Binary-Artifacts checker
rouault opened this issue
Describe the bug
False positive detection of binary file for Binary-Artifacts checker
Reproduction steps
Look at https://securityscorecards.dev/viewer/?uri=github.com/OSGeo/gdal. It indicates in Binary-Artifacts "Warn: binary detected: autotest/gdrivers/data/esric/Layers/_alllayers/L01/R0000C0000.bundle:1"
This is this file: https://github.com/OSGeo/gdal/blob/master/autotest/gdrivers/data/esric/Layers/_alllayers/L01/R0000C0000.bundle
It is a data file used by the regression test suite of the software, not an executable/binary file.
Expected behavior
That file shouldn't be counted as a binary artifact.
We're working on a feature this quarter for maintainers to mark test data as a false positive.
Closing because this will be addressed with the Structured Results feature. We can always revisit if needed.
@afmarcum Is there some documentation about "Structured Results" on how to add an exemption for a false positive binary artifact? Couldn't find any.