Support recommended security-severity property in SARIF file export #762

graemechristie · 2024-01-22T08:20:15Z

The current rules in the exported Sarif file do not include the security-severity property. A per the docs below, this is recommended for security rules.

https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#reportingdescriptor-object

Likewise, the precision property is also recommended and used in concert with the security severity to assess the impact of the recorded CVE's.

github-actions · 2024-07-19T18:02:41Z

This issue has not had any activity for 60 days and will be automatically closed in two weeks

github-actions · 2024-08-02T19:00:49Z

Automatically closing stale issue

cuixq added the enhancement New feature or request label Jan 22, 2024

github-actions bot added the stale The issue or PR is stale and pending automated closure label Jul 19, 2024

github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Aug 2, 2024

oliverchang added backlog Important but currently unprioritized and removed stale The issue or PR is stale and pending automated closure labels Aug 6, 2024

oliverchang reopened this Aug 6, 2024

mickem linked a pull request Feb 7, 2025 that will close this issue

feat: Added support for severity in sarif report #1587

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support recommended security-severity property in SARIF file export #762

Support recommended security-severity property in SARIF file export #762

graemechristie commented Jan 22, 2024

github-actions bot commented Jul 19, 2024

github-actions bot commented Aug 2, 2024

Support recommended security-severity property in SARIF file export #762

Support recommended security-severity property in SARIF file export #762

Comments

graemechristie commented Jan 22, 2024

github-actions bot commented Jul 19, 2024

github-actions bot commented Aug 2, 2024