Allow Users to Override help: markdown SARIF ouput in custom rules

[boveus]

Is your feature request related to a problem? Please describe.

There is not currently a way to modify the help: markdown: value in the SARIF. This refers to the text that will be displayed at the bottom of a GitHub Code Scanning alert (screenshot below). This value also refers to a hard coded to a link that points to the DevSkim repo. We cannot override this through the DevSkim tool itself, the rule, or actions options.

Describe the solution you'd like
Allow this field to be customizable through the devskim custom rule syntax.

Describe alternatives you've considered
We have considered implementing some sort of post-processing of the SARIF to enable the behavior we expect, but this seems brittle.

Additional context
The rule we tested this is run with the following general architecture:

• Devskim action
• Devskim custom rules in an NPM package
• Run devskim through the devskim actions workflow

[gfs]

Ah, I see this issue. We are setting the Text value in the Sarif based on the rule configured recommendation or description but the Markdown value is always left generic like so:

DevSkim/DevSkim-DotNet/Microsoft.DevSkim.CLI/Writers/SarifWriter.cs

Lines 205 to 208 in 6afdd9b

	// If recommendation is present use that, otherwise use description if present, otherwise use the HelpUri
	Text = !string.IsNullOrEmpty(devskimRule.Recommendation) ? devskimRule.Recommendation :
	(!string.IsNullOrEmpty(devskimRule.Description) ? devskimRule.Description : $"Visit {helpUri} for guidance on this issue."),
	Markdown = $"Visit [{helpUri}]({helpUri}) for guidance on this issue."

I should be able to make a quick fix for that. After which the best value to populate to have the string you want show up in the Sarif would be the Recommendation field of the rule specification:

DevSkim/DevSkim-DotNet/Microsoft.DevSkim/DevSkimRule.cs

Lines 14 to 16 in 6afdd9b

	[JsonProperty(PropertyName = "recommendation")]
	[JsonPropertyName("recommendation")]
	public string? Recommendation { get; set; }

For example:

DevSkim/rules/default/security/TLS/tls_go.json

Line 6 in 6afdd9b

"recommendation": "Review to ensure that a TLS protocol agility is maintained.",