False positive detection of binary file for Binary-Artifacts checker

Question

rouault opened this issue 5 months ago · comments

Describe the bug
False positive detection of binary file for Binary-Artifacts checker

Reproduction steps

Look at https://securityscorecards.dev/viewer/?uri=github.com/OSGeo/gdal. It indicates in Binary-Artifacts "Warn: binary detected: autotest/gdrivers/data/esric/Layers/_alllayers/L01/R0000C0000.bundle:1"

It is a data file used by the regression test suite of the software, not an executable/binary file.

Expected behavior
That file shouldn't be counted as binary artifact

Spencer Schrock · Answer 1 · Wed Jan 03 2024 06:33:42 GMT+0800 (China Standard Time)

We're working on a feature this quarter for maintainers to mark test data as a false positive.

afmarcum · Answer 2 · Fri Mar 08 2024 05:31:31 GMT+0800 (China Standard Time)

Closing because this will be addressed with the Structured Results feature. We can always revisit if needed.

Even Rouault · Answer 3 · Tue Mar 19 2024 08:03:00 GMT+0800 (China Standard Time)

@afmarcum Is there some documentation about "Structured Results" how to add an exemption for a false positive binary artifact? Couldn't find any

afmarcum · Answer 4 · Thu Mar 21 2024 00:28:14 GMT+0800 (China Standard Time)

@rouault reopening the issue until Structured Results is released and this issue can be resolved. Targeting early April.