Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support recommended security-severity property in SARIF file export #762

Open
graemechristie opened this issue Jan 22, 2024 · 0 comments
Open

Support recommended security-severity property in SARIF file export #762

graemechristie opened this issue Jan 22, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@graemechristie
Copy link

The current rules in the exported Sarif file do not include the security-severity property. A per the docs below, this is recommended for security rules.

https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#reportingdescriptor-object

Likewise, the precision property is also recommended and used in concert with the security severity to assess the impact of the recorded CVE's.
@cuixq cuixq added the enhancement New feature or request label Jan 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@graemechristie @cuixq