Feature Request
Improve the SARIF output format for better integration with GitHub Code Scanning and other SAST tools.
Current State
Basic SARIF output is supported, but some fields are missing or incomplete.
Improvements Needed
- Add `help.text` and `help.markdown` for each rule (improves GitHub Security tab display)
- Include `relatedLocations` for attack chain findings
- Add `properties.tags` with OWASP mapping
- Support SARIF v2.1.0 `taxonomies` for CWE mapping
- Add `invocations` section with runtime metadata
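For reference, here is an added example (not code from this project) of what a SARIF 2.1.0 log carrying all five of the fields above looks like when assembled programmatically, plus a small check that a CI job could run to confirm none of them are missing. The tool name, rule, CWE entry, file paths and the source-to-sink finding are constructed placeholders; the schema URL is the public SARIF 2.1.0 JSON schema.

```python
"""Build a SARIF 2.1.0 log with rule help, OWASP/CWE tags, a CWE taxonomy,
relatedLocations for a source-to-sink chain, and invocation metadata.
Added example with constructed data; not the project's own emitter."""
import json

SARIF_SCHEMA = "https://json.schemastore.org/sarif-2.1.0.json"

# Constructed taxonomy entry (placeholder subset, not a full CWE export).
CWE_TAXA = {"89": "Improper Neutralization of Special Elements used in an SQL Command"}


def make_rule(rule_id, name, summary, cwe_id, owasp_tag):
    """reportingDescriptor with help.text/markdown, tags, and a relationship
    pointing at the CWE taxon defined in the run's taxonomies (index 0)."""
    return {
        "id": rule_id,
        "name": name,
        "shortDescription": {"text": summary},
        "help": {
            "text": f"{summary} Use parameterized queries for untrusted input.",
            "markdown": f"## {name}\n\n{summary}\n\n**Fix:** use parameterized queries.",
        },
        "properties": {"tags": ["security", owasp_tag, f"external/cwe/cwe-{cwe_id}"]},
        "relationships": [{
            "target": {"id": cwe_id, "toolComponent": {"name": "CWE", "index": 0}},
            "kinds": ["superset"],
        }],
    }


def make_location(uri, line, col=1):
    """physicalLocation relative to the repository root (%SRCROOT%)."""
    return {"physicalLocation": {
        "artifactLocation": {"uri": uri, "uriBaseId": "%SRCROOT%"},
        "region": {"startLine": line, "startColumn": col},
    }}


def make_chain_result(rule_index, rule_id, source, sink):
    """Primary location is the sink; the source is attached as relatedLocations
    with an id so the message can link to it as [text](1)."""
    src = dict(make_location(*source), id=1,
               message={"text": "untrusted input enters here"})
    return {
        "ruleId": rule_id,
        "ruleIndex": rule_index,
        "level": "error",
        "message": {"text": "Data from [a request parameter](1) reaches a SQL query."},
        "locations": [make_location(*sink)],
        "relatedLocations": [src],
    }


def build_sarif(tool_name, tool_version, rules, results, argv, start, end):
    """Assemble the run with taxonomies and invocations alongside results."""
    driver = {"name": tool_name, "version": tool_version, "rules": rules,
              "supportedTaxonomies": [{"name": "CWE", "index": 0}]}
    taxonomy = {"name": "CWE", "organization": "MITRE",
                "shortDescription": {"text": "Common Weakness Enumeration"},
                "taxa": [{"id": i, "name": n, "shortDescription": {"text": n}}
                         for i, n in CWE_TAXA.items()]}
    invocation = {"executionSuccessful": True, "commandLine": " ".join(argv),
                  "startTimeUtc": start, "endTimeUtc": end}
    return {"$schema": SARIF_SCHEMA, "version": "2.1.0",
            "runs": [{"tool": {"driver": driver}, "taxonomies": [taxonomy],
                      "invocations": [invocation], "results": results}]}


def missing_fields(log):
    """Return the requested fields that are absent from the first run (CI check)."""
    run = log["runs"][0]
    missing = [f"run.{k}" for k in ("invocations", "taxonomies") if k not in run]
    for r in run["tool"]["driver"].get("rules", []):
        if not {"text", "markdown"} <= set(r.get("help", {})):
            missing.append(f"rule[{r['id']}].help")
        if not r.get("properties", {}).get("tags"):
            missing.append(f"rule[{r['id']}].properties.tags")
    for i, res in enumerate(run.get("results", [])):
        if not res.get("relatedLocations"):
            missing.append(f"result[{i}].relatedLocations")
    return missing


def example_log():
    """Constructed sample: one SQL-injection rule and one source-to-sink finding."""
    rules = [make_rule("SQLI-001", "SQL Injection", "User input flows into a SQL query.",
                       "89", "owasp/A03:2021-Injection")]
    results = [make_chain_result(0, "SQLI-001",
                                 ("src/handlers.py", 12, 5), ("src/db.py", 40, 9))]
    return build_sarif("example-sast", "0.0.0-placeholder", rules, results,
                       ["example-sast", "scan", "."],
                       "2024-01-01T00:00:00Z", "2024-01-01T00:00:05Z")


if __name__ == "__main__":
    print(json.dumps(example_log(), indent=2))
```

`missing_fields` is the piece worth wiring into CI: it returns an empty list only when every rule has both help forms and tags, every result carries `relatedLocations`, and the run has `taxonomies` and `invocations`, which is exactly the set this request asks the emitter to guarantee.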
Why
Better SARIF = richer GitHub Code Scanning alerts = easier triage for security teams.