diff --git a/docs/Producing effective SARIF.md b/docs/Producing effective SARIF.md
index a2c166f17..d87cf095a 100644
--- a/docs/Producing effective SARIF.md
+++ b/docs/Producing effective SARIF.md
@@ -371,10 +371,14 @@ In result messages, use the 'message.id' and 'message.arguments' properties rath
#### Description
+Provide 'versionControlProvenance' to record which version of the code was analyzed, and to enable paths to be expressed relative to the root of the repository.
+
#### Messages
##### `Default`: note
+This run does not provide 'versionControlProvenance'. As a result, it is not possible to determine which version of code was analyzed, nor to map relative paths to their locations within the repository.
+
---
### Rule `SARIF2004.OptimizeFileSize`
diff --git a/docs/Rule factoring.xlsx b/docs/Rule factoring.xlsx
index ae17dc8e0..911cb5d13 100644
Binary files a/docs/Rule factoring.xlsx and b/docs/Rule factoring.xlsx differ
diff --git a/src/Sarif.Multitool/Rules/RuleResources.Designer.cs b/src/Sarif.Multitool/Rules/RuleResources.Designer.cs
index 57d1f078c..8ecf66420 100644
--- a/src/Sarif.Multitool/Rules/RuleResources.Designer.cs
+++ b/src/Sarif.Multitool/Rules/RuleResources.Designer.cs
@@ -425,7 +425,7 @@ internal static string SARIF2002_ProvideMessageArguments_Warning_Default_Text {
}
///
- /// Looks up a localized string similar to Placeholder_SARIF2003_ProvideVersionControlProvenance_FullDescription_Text.
+ /// Looks up a localized string similar to Provide 'versionControlProvenance' to record which version of the code was analyzed, and to enable paths to be expressed relative to the root of the repository..
///
internal static string SARIF2003_ProvideVersionControlProvenance_FullDescription_Text {
get {
@@ -434,7 +434,7 @@ internal static string SARIF2003_ProvideVersionControlProvenance_FullDescription
}
///
- /// Looks up a localized string similar to {0}: Placeholder.
+ /// Looks up a localized string similar to {0}: This run does not provide 'versionControlProvenance'. As a result, it is not possible to determine which version of code was analyzed, nor to map relative paths to their locations within the repository..
///
internal static string SARIF2003_ProvideVersionControlProvenance_Note_Default_Text {
get {
diff --git a/src/Sarif.Multitool/Rules/RuleResources.resx b/src/Sarif.Multitool/Rules/RuleResources.resx
index 6f2e7d0d1..5b7e7fad1 100644
--- a/src/Sarif.Multitool/Rules/RuleResources.resx
+++ b/src/Sarif.Multitool/Rules/RuleResources.resx
@@ -280,10 +280,10 @@ Many tools follow a conventional format for the 'reportingDescriptor.id' propert
{0}: The 'message' property of this result contains a 'text' property. Consider replacing it with 'id' and 'arguments' properties. This potentially reduces the log file size, allows the message text to be improved without modifying the log file, and enables localization.
- Placeholder_SARIF2003_ProvideVersionControlProvenance_FullDescription_Text
+ Provide 'versionControlProvenance' to record which version of the code was analyzed, and to enable paths to be expressed relative to the root of the repository.
- {0}: Placeholder
+ {0}: This run does not provide 'versionControlProvenance'. As a result, it is not possible to determine which version of code was analyzed, nor to map relative paths to their locations within the repository.
Placeholder_SARIF2004_OptimizeFileSize_Warning_EliminateIdOnlyRules_Text
diff --git a/src/Sarif.Multitool/Rules/SARIF2003.ProvideVersionControlProvenance.cs b/src/Sarif.Multitool/Rules/SARIF2003.ProvideVersionControlProvenance.cs
index c36838c84..1f8bc9ffc 100644
--- a/src/Sarif.Multitool/Rules/SARIF2003.ProvideVersionControlProvenance.cs
+++ b/src/Sarif.Multitool/Rules/SARIF2003.ProvideVersionControlProvenance.cs
@@ -13,7 +13,8 @@ public class ProvideVersionControlProvenance : SarifValidationSkimmerBase
public override string Id => RuleId.ProvideVersionControlProvenance;
///
- /// Placeholder
+ /// Provide 'versionControlProvenance' to record which version of the code was analyzed,
+ /// and to enable paths to be expressed relative to the root of the repository.
///
public override MultiformatMessageString FullDescription => new MultiformatMessageString { Text = RuleResources.SARIF2003_ProvideVersionControlProvenance_FullDescription_Text };
@@ -27,7 +28,9 @@ protected override void Analyze(Run run, string runPointer)
{
if (run.VersionControlProvenance == null || run.VersionControlProvenance.Count == 0)
{
- // {0}: Placeholder
+ // {0}: This run does not provide 'versionControlProvenance'. As a result, it is
+ // not possible to determine which version of code was analyzed, nor to map
+ // relative paths to their locations within the repository.
LogResult(
runPointer,
nameof(RuleResources.SARIF2003_ProvideVersionControlProvenance_Note_Default_Text));
diff --git a/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/ExpectedOutputs/SARIF2003.ProvideVersionControlProvenance_Invalid.sarif b/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/ExpectedOutputs/SARIF2003.ProvideVersionControlProvenance_Invalid.sarif
index 7a32c3e14..0361642c2 100644
--- a/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/ExpectedOutputs/SARIF2003.ProvideVersionControlProvenance_Invalid.sarif
+++ b/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/ExpectedOutputs/SARIF2003.ProvideVersionControlProvenance_Invalid.sarif
@@ -11,14 +11,14 @@
"id": "SARIF2003",
"name": "ProvideVersionControlProvenance",
"shortDescription": {
- "text": "Placeholder_SARIF2003_ProvideVersionControlProvenance_FullDescription_Text."
+ "text": "Provide 'versionControlProvenance' to record which version of the code was analyzed, and to enable paths to be expressed relative to the root of the repository."
},
"fullDescription": {
- "text": "Placeholder_SARIF2003_ProvideVersionControlProvenance_FullDescription_Text"
+ "text": "Provide 'versionControlProvenance' to record which version of the code was analyzed, and to enable paths to be expressed relative to the root of the repository."
},
"messageStrings": {
"Note_Default": {
- "text": "{0}: Placeholder"
+ "text": "{0}: This run does not provide 'versionControlProvenance'. As a result, it is not possible to determine which version of code was analyzed, nor to map relative paths to their locations within the repository."
}
},
"helpUri": "http://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html"