microsoft / sarif-tools

A set of Python command line tools for working with SARIF files produced by code analysis tools
MIT License

Errors are displayed/counted as warnings #43

Open jacob-ronstadt opened 5 months ago

jacob-ronstadt commented 5 months ago

Using the Python library, loading a SARIF file that contains errors, then using `get_result_count_by_severity()` will display zero errors and give the number of warnings as the number of warnings + the number of errors. `get_records()` will show the errors, but they are classified as warnings.

The Visual Studio Code plugin displays these correctly as errors.

balgillo commented 4 months ago

Please can you tell us which tool this is, and share the SARIF file?

The SARIF standard defines three levels of severity: error, warning and note. The sarif-tools rely on those levels being set properly by the tools. Some tools use custom properties to store their own severity scale, e.g.

```json
"properties": {"DevSkimSeverity": 4}
```

But these are not comparable across tools, and at the moment sarif-tools can only use them in filters.
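For anyone checking what level a SARIF file actually assigns to each result, the following is an added example written for this thread; it is not sarif-tools code and does not use the sarif-tools API. It reads a SARIF 2.1.0 log with the standard library only and resolves each result's severity the way the specification describes (section 3.27.10): the result's own `level` if present, otherwise the `defaultConfiguration.level` of the rule it references, otherwise `warning`. The `count_by_severity` / `naive_count_by_severity` function names and the embedded log are constructed for illustration; the log's tool name and rule IDs are invented.

```python
import json
from collections import Counter

# Constructed SARIF 2.1.0 log (sample input, not output of any real tool).
# One result sets "level" itself, one relies on its rule's defaultConfiguration,
# and one has no level anywhere, so the spec default of "warning" applies.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {
            "name": "example-analyzer",
            "rules": [
                {"id": "R001", "defaultConfiguration": {"level": "error"}},
                {"id": "R002"},
            ],
        }},
        "results": [
            {"ruleId": "R001", "level": "note",
             "message": {"text": "explicit level on the result wins"}},
            {"ruleId": "R001",
             "message": {"text": "no level here; inherits 'error' from R001"}},
            {"ruleId": "R002",
             "message": {"text": "no level on result or rule; defaults to 'warning'"}},
        ],
    }],
})


def rule_for(result, run):
    """Locate the reportingDescriptor a result refers to, by ruleIndex first
    (an index into tool.driver.rules) and then by ruleId."""
    rules = run.get("tool", {}).get("driver", {}).get("rules", [])
    idx = result.get("ruleIndex")
    if isinstance(idx, int) and 0 <= idx < len(rules):
        return rules[idx]
    rule_id = result.get("ruleId")
    for rule in rules:
        if rule.get("id") == rule_id:
            return rule
    return None


def effective_level(result, run):
    """Severity as the SARIF spec defines it: result.level, else the
    referenced rule's defaultConfiguration.level, else "warning"."""
    if "level" in result:
        return result["level"]
    rule = rule_for(result, run) or {}
    return rule.get("defaultConfiguration", {}).get("level", "warning")


def count_by_severity(sarif_text):
    """Count results per resolved severity across all runs in the log."""
    log = json.loads(sarif_text)
    counts = Counter({"error": 0, "warning": 0, "note": 0})
    for run in log.get("runs", []):
        for result in run.get("results", []):
            counts[effective_level(result, run)] += 1
    return dict(counts)


def naive_count_by_severity(sarif_text):
    """Same count, but consulting only the result's own "level" property and
    treating a missing one as a warning, i.e. ignoring rule defaults. Comparing
    this with count_by_severity shows how many results depend on rule metadata."""
    log = json.loads(sarif_text)
    counts = Counter({"error": 0, "warning": 0, "note": 0})
    for run in log.get("runs", []):
        for result in run.get("results", []):
            counts[result.get("level", "warning")] += 1
    return dict(counts)


if __name__ == "__main__":
    print("resolved:", count_by_severity(SAMPLE_SARIF))
    print("result.level only:", naive_count_by_severity(SAMPLE_SARIF))
```

Running the two counters over a real log from the tool in question is a quick way to tell whether the errors are recorded on the results themselves or only via the rules' `defaultConfiguration`, which is worth noting when attaching the SARIF file to a report like this one.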