Issue: scorecard to detect Binary Artifacts from local directory in command line (terminal)

[shilpaworld]

Hi Team,

Note: Editing my originally raised issue:

We are trying to use scorecard for Binary Detection. Our aim is to detect binary in local folder. I was able to detect binaries in my personal github repo, however wasn't able to get results while executing on local folder using --local argument. I then built the code locally, added FileBased option in checks/binary_artifact.go init() and generated the build. The Binary Detection was successful. I was able to generate json output with score 9, due to 1 binary in the local folder.

I did added Environment variable for SARIF format as well as "ENABLE_SARIF":"1", however, I am getting below error while generating SARIF format:
"error during command execution: failed to format results: failed to output results: internal error: missing policy for check: Binary-Artifacts"

I have below 2 questions:

1. Is it fine to change checks/binary_artifact.go by adding FileBased in init(), this indirectly fails the tests in policy_test.go? Can we update it? So that the scorecard tool can be used for local folder Binary Artifact Detection
2. Any inputs regarding when will the SARIF format be supported in command line? I am trying to add environment variables and run the tool, however i get policy missing error as mentioned above. Is there any way to achieve this pelase?

Thanks in advance,

Shilpa

[spencerschrock]

Hmm, I'm wondering if we can add support locally if we handle the error from ListSuccessfulWorkflowRuns in the locally client gracefully. This may also apply to GitLab @raghavkaul .