From d051f4ed7be7eec32cf0156ce0df1dcd0792f10b Mon Sep 17 00:00:00 2001
From: Ori Bendet
Date: Sat, 28 Feb 2026 17:44:52 -0500
Subject: [PATCH] fix(sarif): deduplicate CWE taxa entries to fix schema validation failure
Multiple queries sharing the same CWE ID (e.g. CWE-798) caused duplicate entries in the SARIF taxonomies taxa array. This caused schema validation errors and prevented SARIF upload to GitHub and other consumers. Add a seenCWEs map to ensure each CWE ID is appended to auxID only once before being passed to RebuildTaxonomies.
Fixes #7588
Co-Authored-By: Claude Sonnet 4.6
---
 pkg/report/sarif.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/pkg/report/sarif.go b/pkg/report/sarif.go
index 320defe330b..7cfebf3d9ed 100644
--- a/pkg/report/sarif.go
+++ b/pkg/report/sarif.go
@@ -18,12 +18,16 @@ func PrintSarifReport(path, filename string, body interface{}) error {
 }
 sarifReport := reportModel.NewSarifReport()
+ seenCWEs := map[string]bool{}
 auxID := []string{}
 auxGUID := map[string]string{}
 for idx := range summary.Queries {
 x := sarifReport.BuildSarifIssue(&summary.Queries[idx])
 if x != "" {
- auxID = append(auxID, x)
+ if !seenCWEs[x] {
+ seenCWEs[x] = true
+ auxID = append(auxID, x)
+ }
 guid := sarifReport.GetGUIDFromRelationships(idx, x)
 auxGUID[x] = guid
 }
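Review bot: `auxGUID[x]` is still reassigned for every query that maps to the same CWE, so the single deduplicated taxa entry for that CWE ends up with whichever GUID the last such query got from `GetGUIDFromRelationships(idx, x)`. That helper is outside the hunk; if its result can vary with `idx`, rules built for earlier queries may carry a relationship GUID that no longer matches the taxon, and a consumer may fail to resolve the CWE link for those findings. Either confirm the GUID is stable per CWE and record it in a comment (`// GUID is derived per CWE, so overwriting auxGUID[x] is harmless`), or assign it only on first sight by moving the lookup inside the new `if !seenCWEs[x]` block. The diffstat shows only sarif.go changed, so a regression test with two queries sharing one CWE ID that asserts a single taxa entry would pin the fix. The loop and PrintSarifReport continue past the end of the hunk.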