Merge pull request #1428 from snyk/fix/sarif-output-changes

fix: sarif descirption change

src/cli/commands/test/iac-output.ts

@@ -174,7 +174,7 @@ export function mapIacTestResponseToSarifTool(
       tool.driver.rules?.push({
         id: iacIssue.id,
         shortDescription: {
-          text: `${upperFirst(iacIssue.severity)} - ${iacIssue.title}`,
+          text: `${upperFirst(iacIssue.severity)} severity - ${iacIssue.title}`,
         },
         fullDescription: {
           text: `${iacTypeToText[iacIssue.type]} ${iacIssue.subType}`,

src/cli/commands/test/sarif-output.ts

@@ -1,4 +1,5 @@
 import * as sarif from 'sarif';
+import { upperFirst } from 'lodash';
 
 export function createSarifOutputForContainers(testResult): sarif.Log {
   const sarifRes: sarif.Log = {
@@ -40,7 +41,9 @@ export function getTool(testResult): sarif.Tool {
       return {
         id: vuln.id,
         shortDescription: {
-          text: `${vuln.severity} severity ${vuln.title} vulnerability in ${vuln.packageName}`,
+          text: `${upperFirst(vuln.severity)} severity - ${
+            vuln.title
+          } vulnerability in ${vuln.packageName}`,
         },
         fullDescription: {
           text: cve

test/acceptance/fixtures/docker/sarif-container-result.json

@@ -9,7 +9,7 @@
             {
               "id": "SNYK-LINUX-BZIP2-106947",
               "shortDescription": {
-                "text": "low severity Denial of Service (DoS) vulnerability in bzip2"
+                "text": "Low severity - Denial of Service (DoS) vulnerability in bzip2"
               },
               "fullDescription": {
                 "text": "(CVE-2016-3189) bzip2/[email protected]"