Map `none` level SARIF findings to `info`
What does this MR do?
Changes the severity mapping logic when transforming a SARIF report into the gl-sast-report.json format. Instead of mapping none level findings to "unknown", we map them to "info".
This primarily addresses a problem in Kics, which downgrades info level findings to none when producing a SARIF report. The change should have no impact to Semgrep, as it doesn't map any findings to none.
What are the relevant issue numbers?
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Ensure the report version matches the equivalent schema version -
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer
Edited by Lucas Charles