The actual SARIF export doesn't have a "fixes" section in the results (e.g. upgrading a package or changing its version). We can add this section using the structure below (with not-so-important parts omitted):
{
  "version": "2.1.0",
  "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
  "runs": [
    {
      "tool": {
        "driver": {
          "name": "audit-export"
        }
      },
      "results": [
        {
          "ruleId": "Prototype Pollution in Ajv",
          "fixes": [
            {
              "description": {
                "text": "Update ajv to version 8.1.2 or later."
              },
              "artifactChanges": [
                {
                  "artifactLocation": {
                    "uri": "https://www.npmjs.com/package/ajv/v/8.1.2"
                  },
                  "replacements": [
                    {
                      "deletedRegion": {
                        "snippet": {
                          "text": "8.1.1"
                        }
                      },
                      "insertedContent": {
                        "text": "8.1.2"
                      }
                    }
                  ]
                }
              ]
            }
          ]
        }
      ]
    }
  ]
}
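A sketch of how an exporter could produce the structure above, added here as an example and not taken from the issue or from audit-export's code. The advisory shape (`title`, `name`, `installed`, `patched`) and the function names are assumptions; the name and version checks are a design choice of this sketch, since advisory data is external input that ends up in a report URI.

```javascript
// Added example; the advisory shape {title, name, installed, patched} is an
// assumption for illustration, not audit-export's internal format.
const NAME_RE = /^(@[a-z0-9~-][a-z0-9._~-]*\/)?[a-z0-9~-][a-z0-9._~-]*$/;
const VERSION_RE = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

// Build one SARIF "fix" object, or null when no safe fix can be stated.
function buildFix({ name, installed, patched }) {
  // Reject anything that is not a plain npm package name or x.y.z version.
  if (!NAME_RE.test(name ?? "")) return null;
  if (!VERSION_RE.test(installed ?? "") || !VERSION_RE.test(patched ?? "")) return null;
  return {
    description: { text: `Update ${name} to version ${patched} or later.` },
    artifactChanges: [{
      artifactLocation: { uri: `https://www.npmjs.com/package/${name}/v/${patched}` },
      replacements: [{
        deletedRegion: { snippet: { text: installed } },
        insertedContent: { text: patched },
      }],
    }],
  };
}

// Attach fixes to every result whose ruleId matches an advisory title.
function addFixes(sarif, advisories) {
  const byTitle = new Map(advisories.map((a) => [a.title, a]));
  for (const run of sarif.runs ?? []) {
    for (const result of run.results ?? []) {
      const advisory = byTitle.get(result.ruleId);
      const fix = advisory ? buildFix(advisory) : null;
      if (fix) result.fixes = [fix]; // leave "fixes" out when none is known
    }
  }
  return sarif;
}

// Constructed sample input: one fixable finding, one with no patched version.
function demo() {
  const sarif = { version: "2.1.0", runs: [{ results: [
    { ruleId: "Prototype Pollution in Ajv" },
    { ruleId: "Constructed finding without a patch" },
  ] }] };
  return addFixes(sarif, [
    { title: "Prototype Pollution in Ajv", name: "ajv", installed: "8.1.1", patched: "8.1.2" },
    { title: "Constructed finding without a patch", name: "example-pkg", installed: "1.0.0", patched: null },
  ]);
}
console.log(JSON.stringify(demo(), null, 2));
```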