microsoft/sarif-sdk v4.6.2

v4.6.2

Repository: microsoft/sarif-sdk

Tag: v4.6.2

Published: 2026-04-27T23:30:01Z

Prerelease: no

Release notes:

v4.6.2 Sdk | Driver | Converters | Multitool | Multitool Library

• NEW: Add AI1003.ProvideRequiredRegionProperties validation rule — error when result locations lack a region or required region properties. Mirrors SARIF2017 at error level for AI profile.
• NEW: Add AI1004.ProvideVersionControlProvenance validation rule — error when run.versionControlProvenance is missing or empty. Ensures AI findings are traceable to source control.
• NEW: Add AI2006.ProvideMessageMarkdown validation rule — error when AI-generated findings do not include message.markdown.
• NEW: Add AI1007.ProvideExploitability validation rule — warns when result.properties["ai/exploitability"] is missing or contains an unrecognized value (valid: demonstrated, poc, theoretical). Follows the suppressions pattern (§3.27.23): exploitability must be present on all results or absent from all results; mixed presence is flagged as a data quality error.
• NEW: Add AI1012.ProvideAIHandoff validation rule — notes when run.properties["ai/handoff"] is missing or empty. This property is intended to provide human-readable handoff instructions for triaging and acting on AI-generated findings.
• NEW: Add SARIF2017.ProvideRequiredRegionProperties validation rule — warns when result locations lack a region or startLine. Fires in standard profile only (--rule-kind Sarif).
• NEW: Add RuleKind.AI to SARIF2010.ProvideCodeSnippets and SARIF2011.ProvideContextRegion so these rules fire under --rule-kind AI with no configuration file needed.
• DEL: Remove policies/ai.config.xml — AI validation now works zero-config via --rule-kind AI.