marcandre-larochelle

As per the SARIF spec, what is missing is the `originalUriBaseIds` on the "runs" object as well as the `uriBaseId` property on the artifactLocation objects. see: https://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.pdf Under the uriBaseID...

Related of: https://github.com/jfrog/jfrog-cli/issues/2063 (open since July 2023, issue present from at least version 2.42.1)

Based on https://github.com/jfrog/jfrog-cli/issues/2270 it seems like https://github.com/jfrog/jfrog-cli/issues/2063 has been partially addressed, but nothing regarding licenses yet.

@cavcrosby for the 2nd case you highlighted, it has to be exactly the same rule "description" being broken (which in the case of var naming requires to have the same...