fix(ci/cve-scanning): make it a correct URI (#1690)

cwrau · web-flow · commit abebb3b2cf23 · 2025-09-19T08:15:32.000Z
&lt;!-- This is an auto-generated comment: release notes by coderabbit.ai
--&gt;
## Summary by CodeRabbit

- Bug Fixes
- Fixed SARIF report artifact URIs to include the file:// scheme so
links to affected files are recognized and clickable by code-scanning
and security tools. This improves navigation from scan results to source
files in CI reports and dashboards, reducing broken links and making
developer triage and remediation more reliable.
&lt;!-- end of auto-generated comment: release notes by coderabbit.ai --&gt;
diff --git a/.github/scripts/sarif-report-collect-results.jq b/.github/scripts/sarif-report-collect-results.jq
@@ -17,7 +17,7 @@
                 (
                   .physicalLocation |= (
                     .artifactLocation |= (
-                      .uri |= "\($run.properties.chart):\($subChart):\(sub("^[^/]+/"; ""))"
+                      .uri |= "file:///\($run.properties.chart):\($subChart):\(sub("^[^/]+/"; ""))"
                     )
                   )
                 ) | (

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@`
`17`	`17`	`(`
`18`	`18`	`.physicalLocation \|= (`
`19`	`19`	`.artifactLocation \|= (`
`20`		`- .uri \|= "\($run.properties.chart):\($subChart):\(sub("^[^/]+/"; ""))"`
	`20`	`+ .uri \|= "file:///\($run.properties.chart):\($subChart):\(sub("^[^/]+/"; ""))"`
`21`	`21`	`)`
`22`	`22`	`)`
`23`	`23`	`) \| (`