From 7af62ffdaf87360f3ad8ed8245995e88480d9679 Mon Sep 17 00:00:00 2001 From: Larry Golding Date: Fri, 3 Jul 2020 13:55:07 -0700 Subject: [PATCH] Provide messages for SARIF2003.ProvideVersionControlProvenance. --- docs/Producing effective SARIF.md | 4 ++++ docs/Rule factoring.xlsx | Bin 13864 -> 13515 bytes .../Rules/RuleResources.Designer.cs | 4 ++-- src/Sarif.Multitool/Rules/RuleResources.resx | 4 ++-- ...RIF2003.ProvideVersionControlProvenance.cs | 7 +++++-- ...videVersionControlProvenance_Invalid.sarif | 6 +++--- 6 files changed, 16 insertions(+), 9 deletions(-) diff --git a/docs/Producing effective SARIF.md b/docs/Producing effective SARIF.md index a2c166f17..d87cf095a 100644 --- a/docs/Producing effective SARIF.md +++ b/docs/Producing effective SARIF.md @@ -371,10 +371,14 @@ In result messages, use the 'message.id' and 'message.arguments' properties rath #### Description +Provide 'versionControlProvenance' to record which version of the code was analyzed, and to enable paths to be expressed relative to the root of the repository. + #### Messages ##### `Default`: note +This run does not provide 'versionControlProvenance'. As a result, it is not possible to determine which version of code was analyzed, nor to map relative paths to their locations within the repository. + --- ### Rule `SARIF2004.OptimizeFileSize` diff --git a/docs/Rule factoring.xlsx b/docs/Rule factoring.xlsx index ae17dc8e0ba9c39fa22ebdfbc423fab1bea9ff93..911cb5d13bc1a3d1fc7e233704f982aa5663180e 100644 GIT binary patch delta 4937 zcmY*dcQ71W`(10Tw)$d;8ZCNRqL)QNgh(V>ELLar8h!OH!U_^KQNt3wM3l8kL~pU8 zmjsEZ2|>iq@0)MlcfR}AnK@_f-1|Jw+_~pexDC0m-oHxgsK5DL#dH-s%jlLFa1*L-xL z?^LFal&>*EXkH5y2zD@quJ}uR8WTN`4*Q{!1iTYejNHGUNK*u(_3%8KG60Dwe6|xn zzy8fH@Qs~4)*)f#)SkttH~}+-yj{wQrakPO55qiD3IrN*qNRI_E+OzHzen$JK_OKe zQ^5~Xnok~A>Q%tZBB}|U+DmN+80hf}X)6 z2}in5YV@8C_tZ8s>=Dn@AwLE$YXZFY{%{Pk-{=>a$VC&|k;;BYhcRwK+dj9%a&q=MmPN$7@-#R;I zrc20qnW?wPYrbE{a^aDUt_p-&Y{-nJNjh!V8DIe zjP8+ce>-%QkJY?UG;r|UIW(-pYL214PLkNPsPxm8H0K;A)g~l*Io-yWvwlxcNCRm%9U2SbBy_Gl?&js_%yH6;#Z9Os9qk} zI=htLrbk?R9npz1mlSGjRshuq*sA^vz|V8>?3xj#i%D*oSnxZYaI$XHMAo(_)HVZa z=>HO9@wrQ&GWoY?bKcgC=So0lC;kh;@Es*smmdDuot74(b;ya}&Z$`~cuuiAD6(J| zJBA`&xXMB%Wgg$*3EI=9K3-7q^Fh|dEu~C0=`Le*`>gM2sgcD{u2;xbI^ou}m}f}-L_DF{UBMj?vz#s`o5v?m1ipj%$7v&-mF zl%y*yRSQO9yNi?w%1-^0tgc5lDQ01i`Zd~>-XJM!(ESd#hX4bv-l45iJc!rR`a{P1 zACZ?l`bJyMoD@$=WS1`4m86&k`8%lv#9Gyd)U-%yK9FXTCeb$Pw-g{c4|YOK6F?XY zm7P2xa_@7pSepBCn$P)k8c_Lz@9dG`kyvsAH$5hW0vm-z%(UydZb47+p8A{i%I3AX z5L{^4!NzWQa{-1;aGs8{R&B}yw)nxxV5_w0qW@inr;)u~^~S*LP^xseU1{Y**xz1wwBvSc@qhW*n0HLR|5?~DseW#9?PB&s{@ z<-YRA?(&6X&D?zjoTuOvVtpR|<0LB=&FgM5nh**!?(f#|fhx z_uTLZuS^AfTXKuAjXhT*rNQoJ9`(|?Jttg=?emx?)xY_<*`1i}?@&eI0vzmI$@cn& zM)(rCo$tEk3y_hL5jST|+fC8w>*c7IY6%s#(Lln2XDQ_K{dit))j5SXd3(?7wq56n zF>1C3KG-t4$uT(|^(kn)QKWii3s2Ikw9!k~_DZy@s`AA|`WI>znf>v8GVRDtL6dz8 zp>&1~hx3t_#~fpt*mJXw2P0XqdO5bvJaw>EFVnyq<_!h&m^N#s+jdojkedNficMJ( zJ}u}QkYJHz;=u4&gS6)*{zC(CQyl=n5=faSW5n2fs;B^fW$Z7=b&TP*{t*&9~sn zp@X@%%ktmxt`B~gemPz^insH;@0R_AfIj!zz4$Aq{319yEZ>v+(7#Q5w1c~E>HOE) z9!5Dtw94~*^K}Jzlntg`{iNV~@DnBWAK7Dlg3EM6mUYZsL1I+~R>|B|`sx3v`et_fKSiB|vUx4?eZWwLXZEZtW%a!N zkKiE7+E~9WvEzC=;psijp6BqeX_UXgBsQ4eLp^0xHO^RN*eg% zV2Kf4_DG(Y@)Z|krRj@#w34Uxr&Z$kF2kVhz76c|l0zE{KW6PRdPL9T4nyMU6aO#^ z)#!*TX7nSA22 zYiJ$~-@7QF)M{*h0*$X(ws6sDgo~q2?(Losa@LP-a{;{hKiIQ%8-2EIwkTRbeBHLA zlpvnA{%0^T%_QE3fI(Spw{?O&snmF?4Fe(sIrPST!d-qOUPF6xz3)~elG@JY=vrkmAm{P7aj3g%<1 zwUFwGui@oEjg`WHs>KXACkW+twygfgdT;bc9~9^{c4VSNoxr@B>-6&Q)OpBXod@e{dNszZcIVXG5{J+YYvptwuL7g|K;3k2TmlOu^d(AVhh zAB4oDl9LaMr`2UW+^#+kW)EWN@k%h`*4|-`d;u8FTZ>eT>gm2!Dy93-{|>(2nLq%) zA?eVvmlVahm?89y6Fmonr@s%Q0^yCe=kM9rH|%dqS{jCl`>dsSP3slSzrgQ1wo+h3 z4DCa-hAVVF9SI<(U%JCJRvf^D+*d(L?_VMAEo}*WdBee)vr72sF7=*G;`&FXxuq?k z;!cy6`<$K*w=VGu6Xk~i%->FoTJDmOx6_&^L&4ujBN1eDv4}zaDwOi>eK~YsV0_yR z2}65j{gi+OwfYvmT)T>Fo67U)Y_B#LKs3xZ?oyj7=1_ylAmL|3X&9s*rhQsqt95~Yf!^?6)S zodL|>kP-y7OUcd2Gr4bcXiasnteBz9*o^`QmU5qmPg{c?_Wxx{~My z#~BsPLy%N4UJW1#9oO;(xx4ncHqU{Jj;c5 zG<5AamGtK^J>f~!D=2dt2|3sjgthPM)m?*y16a@u`L8&j%>tN*(6mrb>sOIUc&Ik2 zZ2$f(l-DyCe~6Z-8eKNN$+eo-j0#XDKPf5a zIk8SGpR91A8lneA=WC^q{fb;;J1sN>?SlvJP~)T94{Jy4ADog+6{kM z8D*MdD-!oz#A6T@96MR@+N>dv!pr+SL@6OD=_Fbe*td8XSGc()?E^dN$`_yLW->=e1tN8eZF!!w{4aFgj}qMJ)9UB!&$#nKM*(W=;LP@h+QL zeJOR7fa#+s2#osdanEMFa;;7@Hu^o^h%&8Rl9g6lqUw#~65DUgdphT)bf| z`-aiZKv-pDo96sBv<#ow&0lNaCWR}dp>ushI?;o|ecpm4WG$~B;~O9LGP85su$hgz z(ufF1=^}4H77Re(#8&*is3#RzO-R1Dt|AtLm{UCMnAsEfA)Pf3x>-Xx45|)qX)Fh& z?P;~adBR=t{o2_^@3gF2y{jHakrVa??ZLekYy1l%ULIKqBy#|+cPL9*Xuge( zaVpOpbKnk1Rsuo^+PXHV2Rf*6^NjAIRFu@tZRfy1HXluK$j7W##oot@U zz4aph@fAnh(;~UzHgR`JwtESDUtlIJ{1j@80vdrX2hJ5=4E9$_{pr8QVd9xxN!NNX zHc|n4>btI@cKX4CEt(dGiwiD;@|{i29;=6l_Y$9r>y4dT-=bXZMy^y@`vPO~3~g2h zGrD;;uR(I_*||QQ(q5IWqG|d}-0b3PNdhCH_H||o-Oi0m*7D#xtUI)sz%3;$4l z=#+7%T#)srHHVq69O`zhy5L;Y`*n&41OOw6%y< zz58g|1Y3R7X^s@<`q@kSw#@oZ1D+Mngf$oICDVX=P&+kT7l)Hz{O%~Xw2cR>*k5EA`f(!;M``^S7;Y1scIuaGs?04~n)j}uV?0AT;a7elaT5O!=WT!bVBI}g_&A;ogY zDgo*Eu%3J@SPxkdAg3@kOjrQhbp^Rauow|xEL4vEY9i<%|868Dij9`L&heiSx$=N< lKmdT@U-k<96vg7@RDl^188_K!X#g|;`>T^akp6$o{{d#<7##or delta 5275 zcmZu#2Q(ba+FmR|R&TpHt0lTcq7x($A&9a>?<^q+vRYPWwL~^r^p+^mB_b zR{nKxw=xsmVBMbFM9iuAskf1s&;gA>;j;b`e6Bp3|k&WE}Q&4wJ+CJ6g0w z!079L>4#K&iw6PGVjeKt39D(D=lNXQ;BVcsw%7c;`#6US9sz30$rQ-Q|0q%STVXaS zI8ifCXKvF6+t^-e5U~7)<6MT+oAw?dAFjRiIAzSW6}ZVShPHki%LP0q(*DwY`vHy| zk#jU!j!zuu&&<U=HdYj?f_oLPN?sqC z%0XpTG{EOxG}QrY-$6FsSrjEgHxp^KvQfJ%T(}?4rRm9a_Xyp|xrIqwMegfdgT9(B zydGLlB8)l1aWg4nb<0PxLx!Fjz-=_?X^n$u!#$1-2Lc6u%1Cd;Nfl{K;5h8aQ9Vg+ z^w&vSH+jPj-xdw+r-TsE2sJ;u-D5A(5v&=_CsxaS(=0$;t>C%Dt1U%vvkq=G7)6_? zxzDA+lU}h9ntV;I`=+vOq@?ZSxu-1Xhm3^|pFfY*b=p~FAHV6E?762!h@`QN>kyx! z0LLS((o(xvc}T2n&%_}ICxBFu0w7?}Ohff`(agXjM(^fQg|l zB^@Bbb4qN7-MSBJRwJ+zNKm_m8CA5PZ2f68J$K2eD8=;4Iwy3+J&XppY&R33u1^G4SGNoI$LDYfPEVv*BRwwSSsChmx!v{HG z%!Xg`_z+}2+$K$;+t~~ERIz$Bva=R@HWhH;HaXL@8FG~F*SBubryI1qV)!WaI|p#WV-)(veQd0$Uce>F}qcE+ze-MSFF+v){_kndbe<%x%w}ElyRd9c;Bqe!m%0TGLBr#S?t`@v;lz zDx3XVP4vCfy@+oNh1RWI>#<)Hl6Z?f)mw;iQ_3+fUQ#fhlUq-!qVz451~untdppEp zyv>bqi;9G{eNh z`)eKBNr@e)aT(VO5^N|4X~50l?$)W)l`YCE61==51N=8BYA@n+gs(`kkqiJ}2V5hm z4W@>YpfG*=d)4yHO!7n2r1 z$ON&!EMy;k&H0g4L(M#5s)7otEy{x!UT0VxwV3YS=Akc58hCRfSRf&ckB*PBhf82j z*;CC{a~0qIviR4>X2(~x?)->_D&&zw&{sF9kJ~ojwDX27j{kL*r}e$J>!<;MWz07a zKgw(IKI6r!ALo>PIZu7rTIA*F18$7S?TW&XT$2MtnVAN~IIxz6? z`|Fj*msOGnTN>xXej{|0;f2lkaU~mAW~u~d$I?$4and2P*F`Hq=;K z@tJGkc7O?M^kVe})oN2VOdj?N$-5>hnn9nswox zx6pJSGyjX4S6>e=Q`<+7G7$Vg#mAB1DQ|g5juqV^!9(#;m_K`=n@r-xVWkB3IDhMp zo0a`MlIL#T7tfea&daVRt6y5Ld7+{^T`GHj@9gU}l|GlgPY6UYcN{-W?wKSopUGhURf@~g$64`0LFURAgx zm-b(lA9C+^Z8<#-zA?voa{8-*QIjsPdN<}_$w4&FtrI)J=jNcfIQt&#O?gz9)}Q&A zij{okhO}U_iTWeWBQaIhc&lE&)xI!z~LPm2A#|FC^tMD>|m&|cN8_yWSm zcs)?Y*KuhuanbI!PG`at+5*)Bv~|4Q{&^LA^j3uP)<*#m&ZQe~dexsf{Yr!Afg-;) zJ>q-lEJ9jc=i?VkC)d+6+$bKL^~)Xd)6vAw*O1jKyEt5?nV4>zOt4JkRgGyJ8X4Mr zV7F`$+g^DjnOL^@y-0BUoj}e5KW&kVKfJ7eHcfnnQ7j0g6a563VLAo{xeFxYc&@2V z${{1%nLhc3S+f($@m!Y%=*kKd0y0^<$HS%WHOG_SDIdZVrbgL@m7)yZK|~{bK9_0o z58o{8%8TX|0Fz`YKYgKd~GFsw1MN= z(%9C)PEM1=2&!=HS2Ifaa&s+X@IrDcDwq^nz~JEsqT+z0bUrUK7IHBg5S;cCg!h(c z#Ejlv#RDZ?Quc>+!G&T@=Wsyu7d?PmmOGGxOtZB!q^KJ72BpMI^ht4@0T?V*Nb>_u zrJ%gFhO_kaX@fwZSmvnuWRQ1@7&3lEzo`EAh3vjq#6ns%N%tgz6h@i`=^#S@BSZCz zr0zfV)y1v4;@gBuNWN=2Vp)!5J;t)iSmy^G7f+PncAZ^2QZiDB$uYt;`1Qig1NFGf zNoZyrc>sB>cJY3B(e zg*VYe-D=a;^5<7#|LG_@wDEzK%=q3VZkB4SqH!vcB5TyMlwdoCdm7!U9?UCMypShV zoaV;jvC6e^mxhiy%mBU*6+KQ{rimzkki?TA;u zj?}Zg^JWP~8r~M(MIGvlr+IC{nj6Le;^Bs|+7!xlmx#sC1gGxazs-_uu(4dt;!5*6 zY^F?@6cVgwH*{COuXfBRH;c1V%a&yT56ACng$T=mU%^~D?c3Uzrk*&IvA9~P81zXj{CnuaLT!K1EdqLL7yex%5V!kPI=qo+`+SO`J2hLGt5+1=AjAm8wF zmkJ8%hX(~+U4d$rVv>IhHk|J*t7(Didy3Td->PvzN(STV&(IRopB!;%_i~6_J1Bm@%wVJ#s$|wGJH1ExwVS z@4rma zGgt3^&Vr2!_CIg9P&X!Q89fvZ6m!A&8QiemkQuDT$causM8pAE3%_Tjci z!t2K!s(TjH>tw+UMI#6AiP_)e;=Hh%c!`f1oNc}e?PfcAd{C;-qIa%bc&%&;ZkD$A}0b1X7W~T6G+1b4t;-bH6Tj`GCR?WMD$o3P!pdZ_j ztC+igCe!Q!E%seY$sIDYf<+BweXWYlG(ZEp!`)rkn6yV>**r?hji3B2EIpkMxqB;m z@hVnjUqE~E2vRyDP}Cr#ZNxt2y1QE^VjP#dH#+*|OT(CZJ?l;#<6l6x_5HL_@;X-% zbHDbiI^(?Ul{cuCHbYWaXkTbcySD;;8pAsycU5obQz;MDF=Y>xHMB>ie7%L|lyn@P zw&dgxa+57ohhY8F7O89H=b)VA>6RL0%gSW`TC5`tn9a<=J!g~(HKoii!ojzPZ!maz z`TW>R8!|S^cEv0Yp}*>+!7U#W0UcHJM&QX&25?=LfRrmA7{p`h0B)8mzPIGmo$CQn zgt%avM;Kg<;v{B^g|ZUWS=dKcNR*j*)usPXqo9!*hV3r7w`1ECZp@avul`GfJv&9@ zOYRoH*RaveKB9Cgi;lo{Mr8nclzIcSFUAcDWOdj*9RknQ>Qh?|PV0nX^r=4$Nx3A! zZGV9%48o~|>T(36CO;#kwk#-VD!SZtEMV_3hP-Ammt!ec|y2uoc%!fIFx zig$t?l<`@PPIR1BOE=1cQ^run@|qg#lwSkXV57}5$qM?lC2xJ{yLs|d?78GGmZ_f z@8KCkl-t`Ey*lt6!eGRX_npj67MFw74ADfB&7ACx&4mWnq4v0{CL)~K4pdxvS}QHxN~TpZqvgJJ^NWFh zU@RD${ksVfEiT@{QLFWV_U7X|q09d9vM+Z7<|O5q^AqpZOW9HKFoRDIO00-9BhXk@ zC5<0i8U|Jzhz`n!`VV7OYj+DfU(_h;4HqQK6>tdhx?600{^VY^z_#$Up7Aa9pYP5} zF^&A&HcV^F#-OzmLh`K)OM$9$Hq1@YNpin(mNMsBN--D-s?P08L&Fb0f+N2NFWfNb zde2W&56oLfzjNY;ZBtQdRiU+6$u&zx@kH%JRgH{?J>bV`E!PCh_%T>;bD`)CE7T#K zSvOCXrM-;?(lt;xC+m-I<^D7x zQ7LXT_t2uSukFr+V4o??JM;c_Uz_-*nlU`~VI0Eb`naS}VR;;1aIdElx*s^CGVQlz zO%ZCjQMHLQweIRW^NGY5N>Ml3ZVYF<8))rOE<7L#O}sw&p#9P?^T)Yvra$g>(Sf(} zvmuf_(EaIIHI)87d2PJJ7%A01A8Z(RX(N(u%y((-e}C){q*+L|F~`#U-2bgNuMqW5 zd3mLrFu~O97y}u4&VQtoDgXffC**Hu4uok2v13wXZeFc`lTioVa zSTOuBc9O>!6_^Hz9R>w6AaTG9!4xI`Ka&45sgLOYz%|AI#*CqsWhd1Y!wAXpbN&lI zS2{V06aZlOPwtgRCysHHRk`^|5&&@Yaxi%A<^4j^&fEL%hhd;gPVsjv?N$AFC9n}P HfA{_mMSQp9 diff --git a/src/Sarif.Multitool/Rules/RuleResources.Designer.cs b/src/Sarif.Multitool/Rules/RuleResources.Designer.cs index 57d1f078c..8ecf66420 100644 --- a/src/Sarif.Multitool/Rules/RuleResources.Designer.cs +++ b/src/Sarif.Multitool/Rules/RuleResources.Designer.cs @@ -425,7 +425,7 @@ internal static string SARIF2002_ProvideMessageArguments_Warning_Default_Text { } /// - /// Looks up a localized string similar to Placeholder_SARIF2003_ProvideVersionControlProvenance_FullDescription_Text. + /// Looks up a localized string similar to Provide 'versionControlProvenance' to record which version of the code was analyzed, and to enable paths to be expressed relative to the root of the repository.. /// internal static string SARIF2003_ProvideVersionControlProvenance_FullDescription_Text { get { @@ -434,7 +434,7 @@ internal static string SARIF2003_ProvideVersionControlProvenance_FullDescription } /// - /// Looks up a localized string similar to {0}: Placeholder. + /// Looks up a localized string similar to {0}: This run does not provide 'versionControlProvenance'. As a result, it is not possible to determine which version of code was analyzed, nor to map relative paths to their locations within the repository.. /// internal static string SARIF2003_ProvideVersionControlProvenance_Note_Default_Text { get { diff --git a/src/Sarif.Multitool/Rules/RuleResources.resx b/src/Sarif.Multitool/Rules/RuleResources.resx index 6f2e7d0d1..5b7e7fad1 100644 --- a/src/Sarif.Multitool/Rules/RuleResources.resx +++ b/src/Sarif.Multitool/Rules/RuleResources.resx @@ -280,10 +280,10 @@ Many tools follow a conventional format for the 'reportingDescriptor.id' propert {0}: The 'message' property of this result contains a 'text' property. Consider replacing it with 'id' and 'arguments' properties. This potentially reduces the log file size, allows the message text to be improved without modifying the log file, and enables localization. - Placeholder_SARIF2003_ProvideVersionControlProvenance_FullDescription_Text + Provide 'versionControlProvenance' to record which version of the code was analyzed, and to enable paths to be expressed relative to the root of the repository. - {0}: Placeholder + {0}: This run does not provide 'versionControlProvenance'. As a result, it is not possible to determine which version of code was analyzed, nor to map relative paths to their locations within the repository. Placeholder_SARIF2004_OptimizeFileSize_Warning_EliminateIdOnlyRules_Text diff --git a/src/Sarif.Multitool/Rules/SARIF2003.ProvideVersionControlProvenance.cs b/src/Sarif.Multitool/Rules/SARIF2003.ProvideVersionControlProvenance.cs index c36838c84..1f8bc9ffc 100644 --- a/src/Sarif.Multitool/Rules/SARIF2003.ProvideVersionControlProvenance.cs +++ b/src/Sarif.Multitool/Rules/SARIF2003.ProvideVersionControlProvenance.cs @@ -13,7 +13,8 @@ public class ProvideVersionControlProvenance : SarifValidationSkimmerBase public override string Id => RuleId.ProvideVersionControlProvenance; /// - /// Placeholder + /// Provide 'versionControlProvenance' to record which version of the code was analyzed, + /// and to enable paths to be expressed relative to the root of the repository. /// public override MultiformatMessageString FullDescription => new MultiformatMessageString { Text = RuleResources.SARIF2003_ProvideVersionControlProvenance_FullDescription_Text }; @@ -27,7 +28,9 @@ protected override void Analyze(Run run, string runPointer) { if (run.VersionControlProvenance == null || run.VersionControlProvenance.Count == 0) { - // {0}: Placeholder + // {0}: This run does not provide 'versionControlProvenance'. As a result, it is + // not possible to determine which version of code was analyzed, nor to map + // relative paths to their locations within the repository. LogResult( runPointer, nameof(RuleResources.SARIF2003_ProvideVersionControlProvenance_Note_Default_Text)); diff --git a/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/ExpectedOutputs/SARIF2003.ProvideVersionControlProvenance_Invalid.sarif b/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/ExpectedOutputs/SARIF2003.ProvideVersionControlProvenance_Invalid.sarif index 7a32c3e14..0361642c2 100644 --- a/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/ExpectedOutputs/SARIF2003.ProvideVersionControlProvenance_Invalid.sarif +++ b/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/ExpectedOutputs/SARIF2003.ProvideVersionControlProvenance_Invalid.sarif @@ -11,14 +11,14 @@ "id": "SARIF2003", "name": "ProvideVersionControlProvenance", "shortDescription": { - "text": "Placeholder_SARIF2003_ProvideVersionControlProvenance_FullDescription_Text." + "text": "Provide 'versionControlProvenance' to record which version of the code was analyzed, and to enable paths to be expressed relative to the root of the repository." }, "fullDescription": { - "text": "Placeholder_SARIF2003_ProvideVersionControlProvenance_FullDescription_Text" + "text": "Provide 'versionControlProvenance' to record which version of the code was analyzed, and to enable paths to be expressed relative to the root of the repository." }, "messageStrings": { "Note_Default": { - "text": "{0}: Placeholder" + "text": "{0}: This run does not provide 'versionControlProvenance'. As a result, it is not possible to determine which version of code was analyzed, nor to map relative paths to their locations within the repository." } }, "helpUri": "http://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html"