It is common that CI that uses enriched SARIF from cabal-audit fails, when by mistake you do cabal-audit --sarif > sarif.json
output is often not JSON alone but few lines about git or compilation and then JSON. This crashes CI with unintuitive error.
enrich action should check if sarif file actually has json. Check doe not need to be sophisticated.
It is common that CI that uses enriched SARIF from cabal-audit fails, when by mistake you do
cabal-audit --sarif > sarif.jsonoutput is often not JSON alone but few lines about git or compilation and then JSON. This crashes CI with unintuitive error.
enrich action should check if sarif file actually has json. Check doe not need to be sophisticated.