Map `none` level SARIF findings to `info`
What does this MR do?
Changes the severity mapping logic when transforming a SARIF report into the gl-sast-report.json format. Instead of mapping `none` level findings to "unknown", we map them to "info".

This primarily addresses a problem in Kics, which downgrades `info` level findings to `none` when producing a SARIF report. The change should have no impact to Semgrep, as it doesn't map any findings to `none`.
What are the relevant issue numbers?
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Ensure the report version matches the equivalent schema version
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by Lucas Charles
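
The before/after effect of this mapping change, as an added Go example that is not the project's own code: it reads `level` from each SARIF result and counts the resulting severities under the old and the new handling of `none`. Only the `none` pairing is taken from the MR; the other level-to-severity pairings, the names `SeverityCounts` and `severityFor`, and the sample report are assumptions made for illustration, and rule-level `defaultConfiguration` is not consulted.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Subset of SARIF 2.1.0; encoding/json matches the keys case-insensitively.
type sarifLog struct {
	Runs []struct{ Results []struct{ Level string } }
}

// Only the "none" pairing comes from the MR; the other three are assumed.
var severityFor = map[string]string{"error": "high", "warning": "medium", "note": "low", "none": "info"}

// SeverityCounts maps every result's SARIF level to a severity and tallies
// them. noneAsInfo=false reproduces the old mapping ("none" -> "unknown").
func SeverityCounts(doc []byte, noneAsInfo bool) (map[string]int, error) {
	var log sarifLog
	if err := json.Unmarshal(doc, &log); err != nil {
		return nil, err
	}
	counts := map[string]int{}
	for _, run := range log.Runs {
		for _, res := range run.Results {
			level := res.Level
			if level == "" {
				level = "warning" // SARIF's default when no level is given
			}
			sev, ok := severityFor[level]
			if !ok || (level == "none" && !noneAsInfo) {
				sev = "unknown" // unrecognised level, or "none" before the change
			}
			counts[sev]++
		}
	}
	return counts, nil
}

// Constructed sample: two "none" results (what Kics emits for info-level
// findings, per the MR), one "error", and one result with no level at all.
const sample = `{"runs":[{"results":[
  {"ruleId":"a","level":"none"},{"ruleId":"b","level":"none"},
  {"ruleId":"c","level":"error"},{"ruleId":"d"}]}]}`

func main() {
	fmt.Println(SeverityCounts([]byte(sample), false)) // old mapping
	fmt.Println(SeverityCounts([]byte(sample), true))  // mapping after this MR
}
```

With the old mapping, the two `none` results are counted as "unknown", which is the triage noise the MR removes.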