vault/tools
Vault Automation ea9b0c636f
[VAULT-46753] pipeline(sarif): add support for converting Sarif into Zap XML-JSON
* [VAULT-46753] pipeline(sarif): add support for converting Sarif into Zap format

Add a `covert-zap` sub-command to the pipeline utility for converting
SARIF reports into a Zap format. We then utilize the new utility as part
of our DAST/Zap scans to automatically convert the SARIF to Zap style
XML JSON which we can feed into Concert.

As part of this we do a small refactor of the Sarif CVE report.

- Add `pipeline sarif convert-zap` command.
- Integrate the `covert-zap` into our DAST scanning workflows.
- Refactor `pipeline sarif cve-report` to be more idiomatic of the
  pipeline tool.
- Format the pipeline tool with the latest version of gofumpt.
- Update to the latest Go modules.

Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
2026-07-08 23:24:10 +00:00
..
codechecker license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
instana-uploader Fix Instana test tracing configuration and add package documentation (#15529) (#15783) 2026-06-26 09:50:01 -04:00
pipeline [VAULT-46753] pipeline(sarif): add support for converting Sarif into Zap XML-JSON 2026-07-08 23:24:10 +00:00
semgrep Backport Add transit test using managed keys into ce/main (#14534) 2026-05-06 12:05:40 -04:00
stubmaker license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
testimagemaker Backport Add transit test using managed keys into ce/main (#14534) 2026-05-06 12:05:40 -04:00
tools.go license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
tools.sh license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00