
Support recommended security-severity property in SARIF file export

Open graemechristie opened this issue 1 year ago • 2 comments

The current rules in the exported SARIF file do not include the security-severity property. As per the docs below, this is recommended for security rules.

https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#reportingdescriptor-object

Likewise, the precision property is also recommended and used in concert with the security severity to assess the impact of the recorded CVEs.

graemechristie avatar Jan 22 '24 08:01 graemechristie
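To make the request concrete, here is an added example (not osv-scanner's code, and not part of the original issue) of a SARIF `reportingDescriptor` that carries the two recommended properties. It maps a CVSS base score to the `security-severity` string GitHub expects and validates the `precision` value; the vulnerability ID, summary and score are constructed sample values, and the severity thresholds are the buckets GitHub documents for code scanning.

```python
import json

# Buckets GitHub code scanning applies to the numeric "security-severity"
# string: >= 9.0 critical, 7.0-8.9 high, 4.0-6.9 medium, <= 3.9 low.
def github_severity_bucket(score: float) -> str:
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    return "low"

# Values GitHub documents for the "precision" property.
PRECISION_VALUES = ("very-high", "high", "medium", "low")

def sarif_rule(vuln_id: str, summary: str, cvss_score: float,
               precision: str = "high") -> dict:
    """Build one entry for tool.driver.rules with the recommended
    security-severity and precision properties set."""
    if not 0.0 <= cvss_score <= 10.0:
        raise ValueError(f"CVSS score out of range: {cvss_score}")
    if precision not in PRECISION_VALUES:
        raise ValueError(f"unsupported precision value: {precision}")
    return {
        "id": vuln_id,
        "shortDescription": {"text": summary},
        "properties": {
            "tags": ["security"],
            # GitHub expects a string holding a number from 0 to 10.
            "security-severity": f"{cvss_score:.1f}",
            "precision": precision,
        },
    }

def build_sarif(rules: list) -> str:
    """Wrap rules in a minimal SARIF 2.1.0 log (no results, for brevity)."""
    log = {
        "version": "2.1.0",
        "runs": [{"tool": {"driver": {"name": "example-scanner",
                                      "rules": rules}},
                  "results": []}],
    }
    return json.dumps(log, indent=2)

if __name__ == "__main__":
    # Constructed sample vulnerability, not a real advisory.
    rule = sarif_rule("OSV-EXAMPLE-0001", "example deserialization flaw", 9.8)
    print(build_sarif([rule]))
```

The `security-severity` value must be a string, not a JSON number, or GitHub will ignore it when ranking alerts.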

This issue has not had any activity for 60 days and will be automatically closed in two weeks

github-actions[bot] avatar Jul 19 '24 18:07 github-actions[bot]

Automatically closing stale issue

github-actions[bot] avatar Aug 02 '24 19:08 github-actions[bot]