* fix(fortify): suppressed issues got "Unknown" category and state
* fix (fortify-sarif): classify findings into audit group
* fix(fortify-checkmarx-sarif): common properties bag for Fortify and Checkmarx (accepting the risk of empty value)
* fix (checkmarx-sarif): classify findings into audit group
* fix (sarif): formatting
* feat(fortifyExecuteScan): add a max number of retries for API calls in SARIF conversion
* feat(checkmarxExecuteScan): implement max number of retries on API call for descriptions in SARIF processing
* feat(checkmarx/fortify): extra logging line when failing an API request in SARIF conversion
* fix(fortifyExecuteScan): panic if undefined projectversion in sarif
* fix(fortifyExecuteScan): logging improvement
* fix(fortifyExecuteScan): wrong if condition caused crash
* fix(fortifyExecuteScan): do not log if retries hit -1, adjust logging
* fix(SARIF): commenting API calls for Checkmarx until a solution can be found for the API issues
* feat(SARIF): add omitempty to extensions
* feat(fortfiyExecuteScan): proper XML unescaping, added rulepacks to SARIF, added kingdom/type/subtype to tags
* feat(fortifyExecuteScan): proper handling of severity, kinds, levels in SARIF
* fix(fortifyExecuteScan): edge case when handling properties taht could lead to a crash
* fix(fortifyExecuteScan): ensure SARIF processing is done after latest FPR is processed by SSC
* feat(checkmarxExecuteScan): respect SARIF standard more closely
* fix(checkmarxExecuteScan): edge case where message would be empty in SARIF
* fix(checkmarxExecuteScan): better message handling to ensure field is populated
* feat(checkmarxExecuteScan): SARIF file readability
* feat(checkmarxExecuteScan): include the helpURL as part of the Help object
* fix(sarif): remove wrong structure addition
* feat(checkmarxExecuteScan): safer handling of version in SARIF file
* feat(checkmarxExecuteScan): add CWE number to tags
* feat(fpr_to_sarif & GHAS): adjustments to fit some rules
* feat(fortifyExecuteScan): fit GH ingestion rules better
* feat(fortifyExecuteScan): readability in SARIF report
* feat(fortifyExecuteScan): restore escaped chars in XML text
* feat(fortifyExecuteScan): properly replace threadflowlocations in each threadflow
* fix(fortifyExecuteScan): fixed missing threadflow in SARIF generation
* feat(fortifyExecuteScan): properly handle threadflows when a node has another node as Reason (node-in-node edge case)
* feat(fortifyExecuteScan): better sarif ruleID field
Co-authored-by: thtri <trinhthanhhai@gmail.com>
* fix(sarif): change format to fit omitempty cases better
* feat(fortifyExecuteScan): include category in sarif file
* fix(fortifyExecuteScan): access to undefined pointer in some cases
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
