Prisma Cloud causing poor GitHub Code Scanning experience
👋 Hello - I am from the GitHub code scanning team!
Not sure if this is the right place to raise this issue, but we've noticed that the way Prisma Cloud is generating SARIF documents is causing a bad user experience with GitHub Code Scanning.
Code Scanning expects that rule metadata will be shared many times between different runs of a Code Scanning tool. A rule should represent a capability of the tool, not information about any specific finding. Information that is scan-specific should be included in the result's message field instead (e.g. file paths, container checksums, etc.).
Prisma Cloud appears to be generating large numbers of rules, each one containing container versions in the name.
This is causing a poor experience for some customers as they quickly hit the limits of what we support.
Can you please have a look and consider making some changes to avoid an explosion of rules?
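As an added illustration of the rule/result split described in this issue (not code from the issue, Prisma Cloud or GitHub), a small Python rewrite that collapses per-image rules into stable rule ids and moves the image name and version into each result's message. The "@image:version" rule-id encoding and the sample run are constructed assumptions, not Prisma Cloud's real output format.

```python
import re

# Constructed sample in the shape the issue describes: one rule per finding, with the
# scanned image and its version baked into the rule id. The "@image:version" encoding
# is an assumption for illustration, not Prisma Cloud's real rule id format.
SAMPLE_RUN = {
    "tool": {"driver": {"name": "example-scanner", "rules": [
        {"id": "EXAMPLE-RULE-1@nginx:1.19.0", "shortDescription": {"text": "Vulnerable package in nginx:1.19.0"}},
        {"id": "EXAMPLE-RULE-1@nginx:1.21.3", "shortDescription": {"text": "Vulnerable package in nginx:1.21.3"}},
        {"id": "EXAMPLE-RULE-2@redis:6.2.1", "shortDescription": {"text": "Outdated base layer in redis:6.2.1"}},
    ]}},
    "results": [
        {"ruleId": "EXAMPLE-RULE-1@nginx:1.19.0", "ruleIndex": 0, "message": {"text": "Vulnerable package"}},
        {"ruleId": "EXAMPLE-RULE-1@nginx:1.21.3", "ruleIndex": 1, "message": {"text": "Vulnerable package"}},
        {"ruleId": "EXAMPLE-RULE-2@redis:6.2.1", "ruleIndex": 2, "message": {"text": "Outdated base layer"}},
    ],
}

SCAN_SPECIFIC_ID = re.compile(r"^(?P<rule>[^@]+)@(?P<image>[^:]+):(?P<version>.+)$")

def normalise_run(run):
    """Rewrite a SARIF run so each rule is a stable tool capability and the
    image name/version that was in the rule id moves into the result message."""
    rules, index_of, results = [], {}, []
    for result in run["results"]:
        match = SCAN_SPECIFIC_ID.match(result["ruleId"])
        if not match:                      # already a stable id: keep it as-is
            stable_id, detail = result["ruleId"], ""
        else:
            stable_id = match.group("rule")
            detail = f" in image {match.group('image')}:{match.group('version')}"
        if stable_id not in index_of:      # declare each rule once per run
            index_of[stable_id] = len(rules)
            rules.append({"id": stable_id, "shortDescription": {"text": stable_id}})
        results.append({
            "ruleId": stable_id,
            "ruleIndex": index_of[stable_id],
            "message": {"text": result["message"]["text"] + detail},
        })
    driver = dict(run["tool"]["driver"], rules=rules)
    return {"tool": {"driver": driver}, "results": results}

def rule_count(run):
    """Distinct rules declared by a run; this grows without bound when scan-specific data is in rule ids."""
    return len(run["tool"]["driver"]["rules"])

if __name__ == "__main__":
    fixed = normalise_run(SAMPLE_RUN)
    print(rule_count(SAMPLE_RUN), "->", rule_count(fixed))   # 3 -> 2
```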