Problem:
When using the CLI command snyk container test, or the GitHub Action snyk/actions/docker@master, the test may fail with the error: cannot read properties of undefined (reading 'CVE')
Discussion:
When the --sarif or --sarif-file-output=<file> argument is used, in some cases the SARIF parser cannot correctly process the output of the snyk test. The GitHub Action exports to a SARIF file (snyk.sarif) by default, so it is affected unless SARIF output is disabled.
Resolution:
This issue has been resolved in Snyk CLI version 1.1146.0. Please upgrade to this version or higher.
If you are unable to upgrade, the following workarounds are available for older versions:
1. In the CLI, omit the --sarif or --sarif-file-output=<file> option. Optionally use --json or --json-file-output=<file> instead.
2. If using the GitHub Action snyk/actions/docker@master, set sarif: false in the with section of your action. Optionally, set json: true to export to snyk.json instead.
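The second workaround as a complete workflow, added here as an example and not taken from the Snyk article or the snyk/actions repository. It assumes the action's documented image and args inputs, a SNYK_TOKEN repository secret, and a placeholder image name (my-org/my-app); because sarif: false means no snyk.sarif is written, the JSON report is kept as a build artifact instead of being uploaded to code scanning.

```yaml
# Example workflow (not from the original article): run the Snyk container test
# without SARIF output to avoid the "reading 'CVE'" parser failure on older CLIs.
name: container-scan

on:
  push:
    branches: [main]
  pull_request:

jobs:
  snyk-container:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Build the image to be scanned. The tag is a placeholder (assumption).
      - name: Build image
        run: docker build -t my-org/my-app:${{ github.sha }} .

      - name: Snyk container test
        uses: snyk/actions/docker@master
        # Keep the job going on findings so the report step below still runs;
        # the scan result is still visible in the step log.
        continue-on-error: true
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          image: my-org/my-app:${{ github.sha }}
          args: --file=Dockerfile --severity-threshold=high
          sarif: false   # workaround: do not generate snyk.sarif
          json: true     # write snyk.json instead

      # snyk.sarif is not produced with sarif: false, so do not use
      # github/codeql-action/upload-sarif here; keep the JSON report instead.
      - name: Keep JSON report
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: snyk-container-report
          path: snyk.json
```

The --severity-threshold value and the Dockerfile path are ordinary options chosen for the example and can be changed or dropped; the lines that implement the workaround from the article are sarif: false and json: true under with.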