fix(sarif): Use level variable for detector status handling Fix for issue #1122: Implement support for setting SARIF report level based on detector enabled/disabled status. This commit adds a level variable that can be computed based on whether the detector is enabled or disabled from the platform configuration. Currently defaults to "error" for all detectors, but provides the framework for checking detector status and setting level to "note" for disabled detectors as proposed in issue #1122. Changes: - Added level variable computation in _create_sarif_result_dict() - Updated SARIF result to use dynamic level variable instead of hardcoded "error" - Added TODO comment for implementing platform detector status check

kl2400033266 · web-flow · commit 70c6ad44d9fa · 2025-11-27T12:22:18.000+05:30
Added logic to determine level based on detector status and included a TODO for future enhancements.
diff --git a/ggshield/verticals/secret/output/secret_sarif_output_handler.py b/ggshield/verticals/secret/output/secret_sarif_output_handler.py
@@ -100,10 +100,13 @@ def _create_sarif_result_dict(
     markdown_message += f"\nMatches:\n{matches_li}"
 
     # Create dict
+        # Determine level based on detector status (fix for issue #1122)
+    # TODO: Add logic to check if detector is enabled/disabled from platform
+    level = "error"  # Default to error, should be "note" if detector is disabled
+    
     dct = {
         "ruleId": secret.detector_display_name,
-        "level": "error",
-        "message": {
+        "level": level,        "message": {
             "text": message,
             "markdown": markdown_message,
         },
