SARIF JSON output

[iTaybb]

Problem statement

To use this tool in automation (in CI, or for integrations), a consistent report format is required.

Currently, the CLI supports the --json parameter, but the output is a unique JSON format which is different from the previous codeclimate cli output, and isn't a standard.

Furthermore from the conversation in the discord channel, it seems that the --json output is not stable and might change in the future.

Solution brainstorm (optional)

Implement a feature to export the report in a standard output, such as SARIF 2.1.0 JSON schema.

[brynary]

Thanks, @iTaybb!

Yes, I can confirm that the current --json output format is considered unstable and we will likely be modifying it as needed for our own internal use.

A SARIF output format is a great idea for a stable format for integration. We will add this to our desired features tracker, and would happily accept a patch if someone wanted to try this out as a good first Rust issue.

[brynary]

We have an open PR for a SARIF formatter so this should land soon:

#1595

[brynary]

Our latest release v0.505.0 contains a SARIF output format accessible with the --sarif flag! Thanks everyone.