Added back extra SARIF properties ignored by Code Scanning, for information for other tooling

Author: aegilops

src/malwareMatcher.ts

@@ -212,12 +212,12 @@ export function buildSarifPerRepo(matches: MalwareMatch[], advisories: MalwareAd
       ruleIndex: ruleIds.indexOf(m.advisoryGhsaId),
       level: "error",
       message: { text: `Malware advisory ${m.advisoryGhsaId} matched package ${m.purl}${m.vulnerableVersionRange ? ` in range ${m.vulnerableVersionRange}` : ""}` },
-      // properties: {
-      //   purl: m.purl,
-      //   ecosystem: m.ecosystem,
-      //   version: m.version,
-      //   vulnerableVersionRange: m.vulnerableVersionRange,
-      // },
+      properties: {
+        purl: m.purl,
+        ecosystem: m.ecosystem,
+        version: m.version,
+        vulnerableVersionRange: m.vulnerableVersionRange,
+      },
       locations: [{ physicalLocation: { artifactLocation: { uri: `file:///${m.purl}` } } }]
     }));
     const sarif: SarifLog = {