What does this release signal mean?

Microsoft published microsoft/sarif-sdk v4.6.3 (microsoft/sarif-sdk). This release signal is evidence of what shipped, changed, or was packaged for users. High-signal details: Routine SDK release, no traction mentioned. · v4.6.3 Repository: microsoft/sarif-sdk Tag: v4.6.3 Published: 2026-04-28T22:12:02Z Prerelease: no Release notes: **v4.6.3**.... onlylabs links this event to 1 captured evidence page and 6 related release signals.

Microsoft Release: microsoft/sarif-sdk v4.6.3

Captured source

source ↗

GitHub/github.com/microsoft/sarif-sdk

microsoft/sarif-sdk v4.6.3

Source ↗

published Apr 28, 2026seen 4dcaptured 9hhttp 200method plain

v4.6.3

Repository: microsoft/sarif-sdk

Tag: v4.6.3

Published: 2026-04-28T22:12:02Z

Prerelease: no

Release notes:

v4.6.3 Sdk | Driver | Converters | Multitool | Multitool Library

BRK: Renumber AI validation rules for RFC 2119 compliance (AI1xxx = MUST/SHALL error; AI2xxx = SHOULD warning/note). AI2006 → AI1005, AI1007 → AI2014. The AI3xxx series is eliminated.
NEW: Add AI1010.EvidenceBackingResolvable (error) — every sarif: URI in ai/evidence[].backing SHALL resolve to an element within the log file (§3.10.3).
NEW: Add AI1011.RedactedRunMarker (error) — ai/redacted SHALL be true or absent (never false); when true, run.redactionTokens SHALL be non-empty; ai/fullLogLocation SHALL NOT appear unless ai/redacted is true.
NEW: Add AI1012.ProvideRuleSubId (error) — AI-generated results MUST carry a hierarchical sub-component on result.ruleId beyond the base reportingDescriptor.id.
NEW: Add AI1013.NotificationAssociatedRuleResolvable (error) — if notification.associatedRule is present, it SHALL resolve to a valid rule in tool.driver.rules[] or an extension's rules[].
NEW: Add AI1014.ExecutionNotificationPlacement (error) — AI/EXEC/* descriptors SHALL appear only in toolExecutionNotifications; AI/CFG/* descriptors SHALL appear only in toolConfigurationNotifications.
NEW: Add AI2015.ProvideAttackerPosition (warning) — each result SHOULD declare ai/attackerPosition. Follows the all-or-nothing pattern.
NEW: Add AI2016.EvidenceBackingConsistency (warning) — an ai/evidence[] entry with strength: "demonstrated" SHOULD carry non-empty backing.
NEW: Add AI2017.ProvideNotificationDescriptor (warning) — every notification SHOULD have a descriptor that resolves to a reportingDescriptor in tool.driver.notifications[].
NEW: Add AI2018.ProvideExecutionSignalArtifact (note) — AI/EXEC/ALAS-SIGNAL notifications SHOULD include a locations[] entry referencing a valid artifact with roles containing "attachment".
NEW: Add AI2019.ProvideNotificationTimestamp (note) — notifications SHOULD include timeUtc for execution timeline reconstruction.

Notability

notability 2.0/10

Routine SDK release, no traction mentioned.