Implement CodeQL SARIF file improvements suggested by Microsoft SARIF SDK tool #18477
Description
Microsoft has a nice SARIF SDK tool which allows you to do a bunch of stuff with SARIF files.
Its repo is here: https://github.com/microsoft/sarif-sdk, and there is a basic explanation of how to use it here: https://github.com/microsoft/sarif-sdk/blob/main/docs/multitool-usage.md.
You can easily install it like so:
- npm i -g @microsoft/sarif-multitool (requires Node.js (e.g., npm and node))
And then run it on CodeQL generated SARIF files like so:
- npx @microsoft/sarif-multitool validate Some_CODEQL.sarif --max-file-size-in-kb=some_number_if_needed
When I ran it on a recently generated CodeQL SARIF file, it generated LOTS of suggested improvements to the SARIF file generated by CodeQL.
I suggest you look at/implement the suggestions that make sense to you, and you might want to build this 'SARIF validate' function into your maintenance process, to continually maintain/improve the SARIF files generated by CodeQL.
Not urgent, but certainly I think a useful/good maintenance aid for this project.