From 83996e36f1d3f1d308ffb6a3d452966a2977f9a9 Mon Sep 17 00:00:00 2001
From: Eric Brown
Date: Mon, 4 Mar 2024 16:24:14 -0800
Subject: [PATCH] Add security tag to sarif output (#321)
Signed-off-by: Eric Brown
---
 precli/renderers/json.py | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/precli/renderers/json.py b/precli/renderers/json.py
index 738f5ab3..39b6d2ba 100644
--- a/precli/renderers/json.py
+++ b/precli/renderers/json.py
@@ -12,10 +12,7 @@ from precli.renderers import Renderer
-SCHEMA_URI = (
- "https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/schemas/"
- "sarif-schema-2.1.0.json"
-)
+SCHEMA_URI = "https://json.schemastore.org/sarif-2.1.0.json"
 TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"
@@ -63,13 +60,16 @@ def create_rule_array(self, run: Run):
 for rule in run.tool.rules:
 reporting_descriptor = sarif_om.ReportingDescriptor(
 id=rule.id,
+ name=rule.__class__.__name__,
 help_uri=rule.help_url,
 message_strings={
- "errorMessage": sarif_om.MultiformatMessageString(
+ "default": sarif_om.MultiformatMessageString(
 text=rule.message
 )
 },
- name=rule.__class__.__name__,
+ properties={
+ "tags": ["security"],
+ },
 )
 rules.append(reporting_descriptor)
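Review bot: `SCHEMA_URI` moves from the OASIS-published schema location to a copy hosted on json.schemastore.org, and neither the commit subject nor the code says why. If this value is emitted in the report and a consumer resolves it to validate the document (its use is outside the hunk), the schema content then comes from a third-party mirror rather than the standards body. A one-line comment above the constant would record the reason, for example `# SchemaStore copy of the SARIF 2.1.0 schema; used instead of the OASIS URL because <reason>`.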
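Review bot: The `message_strings` key changes from `"errorMessage"` to `"default"`, so any result built elsewhere in this renderer that still refers to the rule message by the id `"errorMessage"` would point at an entry that no longer exists. That code is outside the hunk and should be checked against the new key. Separately, `properties={"tags": ["security"]}` is attached to every rule unconditionally, which is only right while every precli rule is a security check. A comment such as `# every precli rule is a security check, so the tag is not per-rule` would make that assumption explicit for whoever adds a non-security rule later. `create_rule_array` starts and ends outside the hunk.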