microsoft/sarif-sdk v4.6.4

v4.6.4

Repository: microsoft/sarif-sdk

Tag: v4.6.4

Published: 2026-05-14T15:53:01Z

Prerelease: no

Release notes:

v4.6.4 Sdk | Driver | Converters | Multitool | Multitool Library

• BUGFIX: Drop the missing-partialFingerprints check from BaseProvideRequiredResultProperties (Base1015), which removes the firing for ADO1015/ADO1017 and GH1015/GH1017. Both Advanced Security for Azure DevOps and GitHub code scanning compute partialFingerprints automatically when omitted, so the error-level "this property is required by the {service} service" message was misleading. See GHAZDO third-party SARIF docs (Sprint 245 ruleId inclusion, Sprint 255 advancedsecurity.publish.allowmissingpartialfingerprints) and GitHub code scanning SARIF support — Fingerprint generation. AI producers are already advised against persisting fingerprints by AI2011.
• BRK: Rename Microsoft.CodeAnalysis.Sarif.Multitool.OptionsInterpretter (and its test class OptionsInterpretterTests) to OptionsInterpreter / OptionsInterpreterTests (single t). External callers of Sarif.Multitool.Library constructing new OptionsInterpretter(...) must update to new OptionsInterpreter(...).
• NEW: Add partition multitool verb that splits one SARIF log into many by strategy (PerRule (default), PerRunPerRule, PerRun, PerResult, PerRunPerTarget, PerRunPerTargetPerRule, PerIndexList). Wraps SarifPartitioner.Partition, so each output gets its tool.driver.rules and run.artifacts pruned to only what the partition references.
• NEW: Add SplittingStrategy.PerIndexList plus the --indices mini-language for explicit per-result bucket assignment: :,;:...|..., with bare-int shorthand for run 0 and SARIF URL fallback (sarif:/runs/X/results/Y, §3.10.3). Optional --spillover-bucket NAME captures uncovered results; --strict-coverage errors on uncovered results. Duplicate or out-of-range addresses error.
• NEW: Add public SDK helper Microsoft.CodeAnalysis.Sarif.Writers.PartitionFunctions (ForStrategy, ForIndexList, ParseIndexSpec, ResultAddress) to centralize partition-key derivation across SDK consumers.
• BUG: Fix System.ArgumentException: Illegal characters in path. thrown from MultithreadedAnalyzeCommandBase.IsOpcArtifact on .NET Framework when an artifact's URI yields a file path containing characters illegal in a Windows path (e.g., the ? of a URI query string, or |, `, "). The path is now sanitized via PathExtensions.ReplaceInvalidCharInFileName before being passed to Path.GetExtension`.
• BUG: Fix InvalidOperationException: Collection was modified thrown from Newtonsoft.Json.JsonSerializerInternalWriter.SerializeDictionary inside SarifLogger.Dispose on .NET Framework when SarifRewritingVisitor.VisitReportingDescriptor ran concurrently with serialization on a peer logger that shared the same ReportingDescriptor instance. The visitor now builds a new MessageStrings dictionary and assigns the field atomically, so any concurrent reader sees a stable dictionary that nobody is mutating.