
Outputted SARIF file cannot be uploaded to GitHub Advanced Security

Open meriouma opened this issue 3 years ago • 0 comments

Description: I'm running Dockle on a Docker image, using -f sarif -o output.sarif, and then I'm using the action github/codeql-action/upload-sarif to upload the file to GHAS. The action fails to upload the file. I believe Dockle doesn't provide the location field in the result.

What did you expect to happen? I should be able to upload the output.sarif file to GHAS.

What happened instead? The upload-sarif action reports this error:

Error: Code Scanning could not process the submitted SARIF file:
locationFromSarifResult: expected at least one location,locationFromSarifResult: expected at least one location,
    at Object.waitForProcessing (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-lib.js:334:19)
    at async run (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-sarif-action.js:60:13)
    at async runWrapper (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-sarif-action.js:75:9)

Output of dockle -v: Using Docker image : goodwithtech/dockle:v0.4.6

meriouma, Aug 22 '22 17:08
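
A pre-upload check for the condition named in the error above ("expected at least one location"), as an added example that is not part of the original issue or of Dockle's code: it lists every SARIF result whose `locations` array is missing, null or empty, so a CI job can stop before the upload-sarif step. The sample document, the tool name `example-scanner` and the rule IDs are constructed for illustration and are not real Dockle output.

```python
import json
import sys

# Constructed sample shaped like the failure described above: SARIF 2.1.0 with
# two results lacking usable "locations" and one that has a location.
# Not real Dockle output.
SAMPLE_SARIF = """
{
  "version": "2.1.0",
  "runs": [{
    "tool": {"driver": {"name": "example-scanner"}},
    "results": [
      {"ruleId": "RULE-A", "level": "warning", "message": {"text": "no location"}},
      {"ruleId": "RULE-B", "level": "error", "message": {"text": "has location"},
       "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}}}]},
      {"ruleId": "RULE-C", "message": {"text": "empty list"}, "locations": []}
    ]
  }]
}
"""


def results_without_location(sarif):
    """Return (run_index, result_index, tool_name, rule_id) for every result
    whose "locations" is missing, null or empty."""
    missing = []
    for run_idx, run in enumerate(sarif.get("runs") or []):
        tool = ((run.get("tool") or {}).get("driver") or {}).get("name", "?")
        for res_idx, result in enumerate(run.get("results") or []):
            if not result.get("locations"):
                missing.append((run_idx, res_idx, tool, result.get("ruleId", "?")))
    return missing


def check_file(path):
    """Load a SARIF file and return its location-less results."""
    with open(path, encoding="utf-8") as fh:
        return results_without_location(json.load(fh))


if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the sample.
    if len(sys.argv) > 1:
        found = check_file(sys.argv[1])
    else:
        found = results_without_location(json.loads(SAMPLE_SARIF))
    for run_idx, res_idx, tool, rule in found:
        print(f"runs[{run_idx}].results[{res_idx}] tool={tool} ruleId={rule}: no locations")
    sys.exit(1 if found else 0)
```

Run against `output.sarif`, a non-zero exit status means at least one result would trigger the upload error quoted in the issue.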