fix: SARIF validation and skip tests in CI security scan

bumahkib7 · claude · bumahkib7 · commit 4a78c9615cd2 · 2026-02-02T06:42:19.000+03:00
- Fix SARIF validation error: suggestion without artifactChanges
- Add --skip-tests to security scan to skip test pattern code

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -174,4 +174,5 @@ jobs:
         with:
           path: '.'
           profile: 'strict'
+          extra-args: '--skip-tests'
           upload-sarif: true
diff --git a/crates/cli/src/output/sarif.rs b/crates/cli/src/output/sarif.rs
@@ -157,12 +157,12 @@ pub fn output(results: &[FileAnalysis], output_file: Option<PathBuf>) -> Result<
                             }]
                         }]);
                     } else if let Some(suggestion) = &f.suggestion {
-                        // Fall back to simple description-only fix for backward compatibility
-                        result["fixes"] = serde_json::json!([{
-                            "description": {
-                                "text": suggestion
-                            }
-                        }]);
+                        // SARIF spec requires artifactChanges for fixes
+                        // Append suggestion to the message instead
+                        if let Some(text) = result["message"]["text"].as_str() {
+                            result["message"]["text"] =
+                                serde_json::json!(format!("{}\n\nSuggestion: {}", text, suggestion));
+                        }
                     }
 
                     // Add properties with additional metadata
