
Create a sarif tool to split a sarif file into many SARIF files but with different categories #19

@felickz

Description

Create a sarif toolkit plugin to split a sarif file into many SARIF files but with different categories. Very large SARIF files might not be able to be uploaded due to restrictions. Also, splitting alerts into different categories can be helpful to narrow down search queries in dashboards.

Proposed Solution

Support different paradigms to split; work through them in order to ensure specificity.

  • based on a file path glob - split into a different category naming of the description of the path
    • Category: /language:/Path:
    • ex yaml:

        - Name: Tests
          - Paths:
            - **/Tests/**

        - Name: App
          - Paths:
            - **/web/**
            - **/api/**

  • based on alert security-severity
    • Category: /language:/Severity:<critical/high/medium/low/error/warning/note>

        - Severity:
          - Critical
        - Severity:
          - High
          - Medium
        - Severity:
          - *     //AKA all remaining

NOTE

SARIF format and Categories are for GitHub Advanced Security as described here: https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#runautomationdetails-object

The processor should start with the same SARIF run info but focus on "cutting" the alerts out of the original and moving them over to the proper new one so as not to miss any.

If there are alerts that don't fit, they should not be dropped! We will potentially need to keep the original SARIF around and just give it a category of /language:<codeql language>/filter:none
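A sketch of the splitter described above, added here as an illustrative example and not code from the sarif-toolkit project: rules are tried in order (path globs, then severity), every output carries a deep copy of the original run metadata with its own automationDetails.id, and alerts that match nothing go to the filter:none category rather than being dropped. The config shape, the constructed sample SARIF and the security-severity thresholds (9.0 critical, 7.0 high, 4.0 medium) are assumptions.

```python
import copy, fnmatch

def loc(uri):  # minimal SARIF result location for the constructed sample
    return {"locations": [{"physicalLocation": {"artifactLocation": {"uri": uri}}}]}

# Constructed sample SARIF log (not from the issue): one CodeQL-style run, three alerts.
SAMPLE = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "demo", "rules": [
        {"id": "R1", "properties": {"security-severity": "9.1"}},
        {"id": "R2", "properties": {"security-severity": "4.0"}}]}},
    "automationDetails": {"id": "/language:javascript/"},
    "results": [{"ruleId": "R1", **loc("src/web/app.js")},
                {"ruleId": "R2", **loc("tests/unit/a.test.js")},
                {"ruleId": "R2", **loc("scripts/build.js")}]}]}

# Assumed config shape, mirroring the issue's YAML: rules are tried in order, first match wins.
RULES = [{"name": "Tests", "paths": ["**/tests/**"]},
         {"name": "App", "paths": ["**/web/**", "**/api/**"]},
         {"severity": ["critical", "high"]}]

def severity_of(run, result):
    """Bucket the rule's security-severity score (assumed thresholds matching GitHub's ranges)."""
    score = next((float(r["properties"]["security-severity"]) for r in run["tool"]["driver"]
                  .get("rules", []) if r["id"] == result.get("ruleId")), 0.0)
    return "critical" if score >= 9.0 else "high" if score >= 7.0 else "medium" if score >= 4.0 else "low"

def categorize(run, result, rules, language):
    # Leading "/" so "**/x/**" also matches a top-level directory named x.
    uri = "/" + result["locations"][0]["physicalLocation"]["artifactLocation"]["uri"].lstrip("/")
    sev = severity_of(run, result)
    for rule in rules:
        if any(fnmatch.fnmatchcase(uri, g) for g in rule.get("paths", [])):
            return f"/language:{language}/Path:{rule['name']}"
        wanted = rule.get("severity", [])
        if sev in wanted or "*" in wanted:
            return f"/language:{language}/Severity:{sev}"
    return f"/language:{language}/filter:none"  # unmatched alerts are kept, never dropped

def split_sarif(log, rules, language):
    """Return {category: sarif_log}; each alert lands in exactly one output, run info is copied."""
    run, buckets = log["runs"][0], {}
    for result in run["results"]:
        buckets.setdefault(categorize(run, result, rules, language), []).append(result)
    outputs = {}
    for category, results in buckets.items():
        new_log = copy.deepcopy(log)  # tool, rules and other run metadata carried over intact
        new_log["runs"][0]["results"] = results
        new_log["runs"][0]["automationDetails"] = {"id": category}
        outputs[category] = new_log
    return outputs
```

Each value in the returned dict can be written out with json.dump as its own upload; summing the result counts across outputs against the original is a cheap check that nothing was lost.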

Labels: enhancement (New feature or request)