feat: add run automation details for SARIF output

Author: CatalinSnyk

cliv2/go.mod

@@ -18,7 +18,7 @@ require (
 	github.com/snyk/cli-extension-sbom v0.0.0-20250801142135-ae472dafa4cd
 	github.com/snyk/container-cli v0.0.0-20250321132345-1e2e01681dd7
 	github.com/snyk/error-catalog-golang-public v0.0.0-20250912144134-a308b7983895
-	github.com/snyk/go-application-framework v0.0.0-20250917164002-527eabced057
+	github.com/snyk/go-application-framework v0.0.0-20250922075509-bb6458741916
 	github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65
 	github.com/snyk/snyk-iac-capture v0.6.5
 	github.com/snyk/snyk-ls v0.0.0-20250911124327-66ea5253a18c

cliv2/go.sum

@@ -1266,10 +1266,13 @@ github.com/snyk/code-client-go v1.23.4 h1:GDvWVIEqSeAvuv43AMMGFARzpnolXqw0kMiyf4
 github.com/snyk/code-client-go v1.23.4/go.mod h1:3d9rtr06j239obFmF7Ojl9KybivOTR3lz0vsmDNPsRI=
 github.com/snyk/container-cli v0.0.0-20250321132345-1e2e01681dd7 h1:/2+2piwQtB9fEJCkXEOjboZjY+77lQfnvqBZ/60xNHk=
 github.com/snyk/container-cli v0.0.0-20250321132345-1e2e01681dd7/go.mod h1:38w+dcAQp9eG3P5t2eNS9eG0reut10AeJjLv5lJ5lpM=
-github.com/snyk/error-catalog-golang-public v0.0.0-20250912144134-a308b7983895 h1:JrN/uGEMVprlres/CVMJybSKvaLuW59SfCHoT4TfvUk=
+github.com/snyk/error-catalog-golang-public v0.0.0-20250812140843-a01d75260003 h1:qeXih9sVe/WvhccE3MfEgglnSVKN1xTQBcsA/N96Kzo=
+github.com/snyk/error-catalog-golang-public v0.0.0-20250812140843-a01d75260003/go.mod h1:Ytttq7Pw4vOCu9NtRQaOeDU2dhBYUyNBe6kX4+nIIQ4=
 github.com/snyk/error-catalog-golang-public v0.0.0-20250912144134-a308b7983895/go.mod h1:Ytttq7Pw4vOCu9NtRQaOeDU2dhBYUyNBe6kX4+nIIQ4=
-github.com/snyk/go-application-framework v0.0.0-20250917164002-527eabced057 h1:Hh6NV/bhfXaiurUHFSUSqInZ1bHecqQeHKoyKff3+tY=
-github.com/snyk/go-application-framework v0.0.0-20250917164002-527eabced057/go.mod h1:3qfDCCm6WiRb0xfX0fXlBS1sVbAbEsaCPeHEns/QVcA=
+github.com/snyk/go-application-framework v0.0.0-20250917075126-86da42c27dae h1:48Z3TfXoPllIvFogEXvzX7klFbhXTCIgvu9J7i/92LE=
+github.com/snyk/go-application-framework v0.0.0-20250917075126-86da42c27dae/go.mod h1:3qfDCCm6WiRb0xfX0fXlBS1sVbAbEsaCPeHEns/QVcA=
+github.com/snyk/go-application-framework v0.0.0-20250922075509-bb6458741916 h1:vnaIcja//5/DTlQi8SMbx9RAGt9A295Dv5+q3IMA7FM=
+github.com/snyk/go-application-framework v0.0.0-20250922075509-bb6458741916/go.mod h1:3qfDCCm6WiRb0xfX0fXlBS1sVbAbEsaCPeHEns/QVcA=
 github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65 h1:CEQuYv0Go6MEyRCD3YjLYM2u3Oxkx8GpCpFBd4rUTUk=
 github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65/go.mod h1:88KbbvGYlmLgee4OcQ19yr0bNpXpOr2kciOthaSzCAg=
 github.com/snyk/policy-engine v1.1.0 h1:vFbFZbs3B0Y3XuGSur5om2meo4JEcCaKfNzshZFGOUs=

src/lib/formatters/iac-output/sarif.ts

@@ -60,6 +60,10 @@ export function createSarifOutputForIac(
       rules: extractReportingDescriptor(issues),
     },
   };
+
+  const projectName = iacTestResponses[0].projectName;
+  const projectIdentifier = projectName ? `${projectName}/` : '';
+
   return {
     $schema:
       'https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/schemas/sarif-schema-2.1.0.json',
@@ -78,7 +82,7 @@ export function createSarifOutputForIac(
 
         tool,
         automationDetails: {
-          id: 'snyk-iac',
+          id: `Snyk/IaC/${projectIdentifier}${new Date().toISOString()}`,
         },
         results: mapIacTestResponseToSarifResults(issues),
       },

src/lib/formatters/open-source-sarif-output.ts

@@ -26,21 +26,29 @@ export function createSarifOutputForOpenSource(
     $schema:
       'https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/schemas/sarif-schema-2.1.0.json',
     version: '2.1.0',
-    runs: testResults.map(replaceLockfileWithManifest).map((testResult) => ({
-      tool: {
-        driver: {
-          name: 'Snyk Open Source',
-          semanticVersion: getVersion(),
-          version: getVersion(),
-          informationUri: 'https://docs.snyk.io/',
-          properties: {
-            artifactsScanned: testResult.dependencyCount,
+    runs: testResults.map(replaceLockfileWithManifest).map((testResult) => {
+      const projectName = testResult?.projectName;
+      const projectIdentifier = projectName ? `${projectName}/` : '';
+
+      return {
+        tool: {
+          driver: {
+            name: 'Snyk Open Source',
+            semanticVersion: getVersion(),
+            version: getVersion(),
+            informationUri: 'https://docs.snyk.io/',
+            properties: {
+              artifactsScanned: testResult.dependencyCount,
+            },
+            rules: getRules(testResult),
           },
-          rules: getRules(testResult),
         },
-      },
-      results: getResults(testResult),
-    })),
+        automationDetails: {
+          id: `Snyk/Open Source/${projectIdentifier}${new Date().toISOString()}`,
+        },
+        results: getResults(testResult),
+      };
+    }),
   };
 }
 

src/lib/formatters/sarif-output.ts

@@ -16,9 +16,15 @@ export function createSarifOutputForContainers(
   };
 
   testResults.forEach((testResult) => {
+    const projectName = testResult?.projectName;
+    const projectIdentifier = projectName ? `${projectName}/` : '';
+
     sarifRes.runs.push({
       tool: getTool(testResult),
       results: getResults(testResult),
+      automationDetails: {
+        id: `Snyk/Container/${projectIdentifier}${new Date().toISOString()}`,
+      },
     });
   });
 

src/lib/iac/test/v2/sarif.ts

@@ -31,6 +31,9 @@ export function convertEngineToSarifResults(scanResult: TestOutput): sarif.Log {
     },
   };
 
+  const projectName = scanResult.results?.metadata?.projectName;
+  const projectIdentifier = projectName ? `${projectName}/` : '';
+
   return {
     $schema:
       'https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json',
@@ -49,7 +52,7 @@ export function convertEngineToSarifResults(scanResult: TestOutput): sarif.Log {
 
         tool,
         automationDetails: {
-          id: 'snyk-iac',
+          id: `Snyk/IaC/${projectIdentifier}${new Date().toISOString()}`,
         },
         results: mapSnykIacTestResultsToSarifResults(scanResult.results),
       },

src/lib/plugins/sast/analysis.ts

@@ -121,12 +121,31 @@ export async function getCodeTestResults(
     return null;
   }
 
+  enrichCodeAnalysis(codeAnalysis, config.PROJECT_NAME);
+
   return {
     reportResults: codeAnalysis.reportResults,
     analysisResults: codeAnalysis.analysisResults,
   };
 }
 
+function enrichCodeAnalysis(
+  codeAnalysis: CodeAnalysisResults,
+  projectName: string,
+): void {
+  // Overrides the schema link to the work
+  codeAnalysis.analysisResults.sarif.$schema =
+    'https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/schemas/sarif-schema-2.1.0.json';
+
+  const projectIdentifier = projectName ? `${projectName}/` : '';
+  if (codeAnalysis.analysisResults.sarif.runs[0]) {
+    codeAnalysis.analysisResults.sarif.runs[0].automationDetails = {
+      id: `Snyk/Code/${projectIdentifier}${new Date().toISOString()}`,
+      ...codeAnalysis.analysisResults.sarif.runs[0].automationDetails,
+    };
+  }
+}
+
 /**
  * Performs Code analysis and returns normalised results.
  * Analysis method (i.e. file-based or SCM) is chosen based on flow options.
@@ -249,8 +268,6 @@ function parseSecurityResults(codeAnalysis: Log): Log {
     );
   }
 
-  codeAnalysis.$schema =
-    'https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/schemas/sarif-schema-2.1.0.json';
   return codeAnalysis;
 }
 

test/jest/acceptance/cli-sarif-output.spec.ts

@@ -90,3 +90,16 @@ describe('SARIF output is schema compliant', () => {
     expect(jsonValidator.validate(schema, result)).toBe(true);
   });
 });
+
+describe('SARIF output is GitHub Actions compliant', () => {
+  it.each(TEST_CASES)(
+    'has runAutomationDetails.id for $name',
+    async ({ cmd, env, target }: TestCase) => {
+      const { stdout, code } = await runSnykCLI(`${cmd} ${target}`, { env });
+      expect(code).toBe(1);
+
+      const result = JSON.parse(stdout);
+      expect(result.runs[0].automationDetails.id).toMatch(/Snyk\/[A-Z][a-z]+/);
+    },
+  );
+});