when a results management system returns a SARIF file, it may usefully decorate a result with an instance id of some kind. following the 'automationId' property that already exists in the log file (to allow correlation of a log file with a broader automation effort), we should provide an id slot for a results management system to pass an identifier that uniquely identifies the result. a SARIF consumer could then use the id in a call to the results management system to do things like mark it as a false positive.
we could call this thing the 'automationId' as well.
when a results management system returns a SARIF file, it may usefully decorate a result with an instance id of some kind. following the 'automationId' property that already exists in the log file (to allow correlation of a log file with a broader automation effort), we should provide an id slot for a results management system to pass an identifier that uniquely identifies the result. a SARIF consumer could then use the id in a call to the results management system to do things like mark it as a false positive.
we could call this thing the 'automationId' as well.