feat: import sarif security evidence#17

Merged

duriantaco merged 1 commit into

mainfrom

feat/sarif-security-evidence

May 13, 2026

Owner

duriantaco commented May 13, 2026

Summary

import SARIF 2.1.0 logs as security_check evidence
require exact compiled obligation IDs in SARIF rule IDs or properties/tags
route high/critical mapped SARIF findings through the existing blocking finding and policy path
infer security obligations from SARIF in manifest attach-artifact

Validation

go test ./internal/vouch -run 'TestSARIF|TestAttachArtifactInfersSARIF|TestVerifierOutputFindingBlocksReleasePolicy'
go test ./...


          feat: import sarif security evidence

9de4429

duriantaco merged commit 8c7c43e into main

3 checks passed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet