@@ -67,6 +67,11 @@ std::string SARIFAnalysisReport::emit() {
6767 for (std::map<std::string, std::vector<ErrorMessage>>::iterator it = mFindings .begin (); it != mFindings .end (); ++it) {
6868 const ErrorMessage rule = it->second [0 ];
6969
70+ // https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#reportingdescriptor-object
71+ picojson::object properties = {
72+ { " precision" , picojson::value (sarifPrecision (rule.certainty )) },
73+ };
74+
7075 // https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317836
7176 picojson::object reportingDescriptor = {
7277 // https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317839
@@ -81,6 +86,7 @@ std::string SARIFAnalysisReport::emit() {
8186 { " help" , picojson::value (text (rule.verboseMessage ())) },
8287 // https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317850
8388 { " defaultConfiguration" , picojson::value (level (sarifSeverity (rule.severity ))) },
89+ { " properties" , picojson::value (properties) },
8490 };
8591 rules.emplace_back (reportingDescriptor);
8692
@@ -161,3 +167,17 @@ std::string SARIFAnalysisReport::sarifSeverity(Severity::SeverityType severity)
161167 return " note" ;
162168 }
163169}
170+
171+ std::string SARIFAnalysisReport::sarifPrecision (Certainty::CertaintyLevel certainty) {
172+ switch (certainty) {
173+ case Certainty::CertaintyLevel::safe:
174+ return " very-high" ;
175+ case Certainty::CertaintyLevel::normal:
176+ return " high" ;
177+ case Certainty::CertaintyLevel::experimental:
178+ return " medium" ;
179+ case Certainty::CertaintyLevel::inconclusive:
180+ default :
181+ return " low" ;
182+ }
183+ }
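Review bot: `sarifPrecision` has no header comment and its `default :` label is grouped with `inconclusive`, so any `CertaintyLevel` added later is silently reported as `low` and `-Wswitch` can no longer flag the missing case. Dropping `default :`, giving `inconclusive` its own `return "low";`, and placing a final `return "low";` after the `switch` keeps the current behaviour while letting the compiler warn on unhandled enumerators. I would also add a one-line comment above the function naming the mapping it implements, e.g. `// Maps cppcheck certainty to the GitHub code-scanning "precision" property (very-high/high/medium/low).`, and noting that unknown values fall back to `low` if the `default` is kept.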