Commit 1552e70

Merge pull request #14 from devopsabcs-engineering/feature/2023-enrich-sarif-code-scanning Fixes AB#2023
Feature/2023 enrich sarif code scanning Fixes AB#2023
2 parents 9a87d3b + e46a427 commit 1552e70

10 files changed

Lines changed: 2226 additions & 10 deletions

Lines changed: 57 additions & 0 deletions
@@ -0,0 +1,57 @@
1+
<!-- markdownlint-disable-file -->
2+
# Release Changes: Improve SARIF Output for GitHub Code Scanning
3+
4+
**Related Plan**: sarif-github-code-scanning-plan.instructions.md
5+
**Implementation Date**: 2026-03-12
6+
7+
## Summary
8+
9+
Enrich SARIF output so GitHub Code Scanning displays complete inline rule help with WCAG guidance, correct IBM help URLs, properly categorized severity/precision metadata, and enriched result messages for every accessibility alert.
10+
11+
## Changes
12+
13+
### Added
14+
15+
* `src/lib/scanner/result-normalizer.ts` — Added `extractIbmHelpUrl()` helper function that parses IBM Equal Access archive URLs, strips `#` fragments, and falls back to `/archives/latest/` pattern when help field is missing or not a URL
16+
* `src/lib/report/sarif-generator.ts` — Added `buildHelpMarkdown()` function generating rich Markdown rule help with title, description, impact, principle, engine, WCAG tags, and learn-more links
17+
* `src/lib/report/sarif-generator.ts` — Added `buildHelpText()` function generating plain-text rule help as GitHub fallback
18+
* `src/lib/report/sarif-generator.ts` — Added `mapEngineToPrecision()` mapping axe-core → very-high, ibm-equal-access → high, default → medium
19+
* `src/lib/report/sarif-generator.ts` — Added `mapImpactToSeverity()` mapping critical/serious → error, moderate → warning, minor → recommendation
20+
21+
### Modified
22+
23+
* `src/lib/scanner/result-normalizer.ts` — Changed `help` field mapping in `normalizeIbmResults()` from `r.help ?? r.message` to `r.message` (IBM `r.help` contains a URL, not text)
24+
* `src/lib/scanner/result-normalizer.ts` — Changed `helpUrl` mapping from broken `/rules/tools/help/` pattern to `extractIbmHelpUrl(r.help, r.ruleId)` using working archive URLs
25+
* `src/lib/report/sarif-generator.ts` — Expanded `SarifRule` interface with `fullDescription`, `help` (text + markdown), `defaultConfiguration`, enriched `properties` (precision, problem.severity)
26+
* `src/lib/report/sarif-generator.ts` — Expanded `SarifRun` interface with `informationUri`, `semanticVersion` on tool.driver and optional `automationDetails`
27+
* `src/lib/report/sarif-generator.ts` — Updated `buildRun()` rule construction to populate all new fields; `shortDescription` changed from `violation.description` to `violation.help`
28+
* `src/lib/report/sarif-generator.ts` — Enriched `SarifResult.message.text` with description, help, scanned URL, selector, element count, and optional failureSummary
29+
* `src/lib/report/sarif-generator.ts` — Added `automationDetails.id` to `buildRun()` return block
30+
* `src/lib/scanner/__tests__/result-normalizer.test.ts` — Updated 2 existing IBM tests, added 3 new tests for archive URL extraction, fallback, and help text separation (48 total)
31+
* `src/lib/report/__tests__/sarif-generator.test.ts` — Updated 2 existing tests, added 11 new tests for enriched fields, tool metadata, failureSummary, site SARIF, and IBM markdown links (24 total)
32+
33+
### Removed
34+
35+
* None
36+
37+
## Additional or Deviating Changes
38+
39+
* DD-01: `shortDescription.text` changed from `violation.description` to `violation.help` per plan design decision — the concise one-liner is more appropriate for GitHub's brief label display
40+
* DD-02: `failureSummary` included in enriched `message.text` per DR-06 remediation — appended conditionally when present on the node
41+
* Phase 2 subagent pre-added `informationUri` and `semanticVersion` to the return block; Phase 3 only needed to add `automationDetails`
42+
43+
## Release Summary
44+
45+
Total files affected: 4 (2 production, 2 test)
46+
47+
**Created:** None
48+
**Modified:**
49+
* `src/lib/scanner/result-normalizer.ts` — IBM URL fix and `extractIbmHelpUrl()` helper
50+
* `src/lib/report/sarif-generator.ts` — Full SARIF enrichment (interfaces, helpers, rule/result/metadata construction)
51+
* `src/lib/scanner/__tests__/result-normalizer.test.ts` — 48 tests (3 new, 2 updated)
52+
* `src/lib/report/__tests__/sarif-generator.test.ts` — 24 tests (11 new, 2 updated)
53+
**Removed:** None
54+
55+
**Dependencies:** No new dependencies added
56+
**Infrastructure:** No infrastructure changes
57+
**Deployment notes:** SARIF output format enriched — GitHub Code Scanning will display inline rule help and enriched metadata on next SARIF upload
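Review bot: The "Added" entry for `extractIbmHelpUrl()` says it strips `#` fragments and falls back to the `/archives/latest/` pattern when the help field is "missing or not a URL", but it does not say how "not a URL" is decided; since the value ends up as the rule's `helpUri` and is rendered as a clickable link in the Code Scanning UI, the release notes (and the helper's doc comment) should state that only `https://` IBM Equal Access archive URLs are accepted and that anything else, including other schemes, takes the fallback. On the same theme, the "Modified" entry says `SarifResult.message.text` now carries the selector and the optional `failureSummary` taken from the scanned node; a short line confirming these are emitted in the plain `text` field only, with `buildHelpMarkdown()` rendering Markdown solely from rule metadata, would make explicit that content originating from the scanned page is never interpreted as Markdown.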
