- Permissions: The following Cortex Cloud user roles or RBAC permissions are required:
  - User roles:
    - Cortex Cloud Instance Administrator
    - AppSec Administrator
  - RBAC:
    - View/Edit permissions for Data Sources configurations are required when not using a dedicated user role.
- Repository Identification: The repository must already be onboarded in Cortex Cloud before SARIF findings for that repository can be uploaded. To identify the target repository, you must provide at least one of the following query parameters:
  - `repository_id`: The repository asset ID. This is the `id` field (SHA-256 hash format) returned by the `GET /public_api/appsec/v1/repositories` endpoint.
  - `repository_url`: The repository URL (for example, `https://github.com/owner/repo`).
  - Either `repository_id` or `repository_url` must be provided. Both can be provided simultaneously. If neither is provided, the request returns a 400 error.
- SARIF specifications: The following table outlines the mandatory and optional JSON fields required to successfully validate and ingest SAST findings.

| Field | Required | Description |
|---|---|---|
| `version` | Yes | Must be "2.1.0" |
| `tool.driver.name` | Yes | Analysis tool name |
| `driver.rules` or `extensions[].rules` | Yes | At least one rule definition |
| `results[].ruleId` | Yes | Must match a defined rule id |
| `results[].message.text` | Yes | Finding description |
| `results[].locations[].physicalLocation.artifactLocation.uri` | Yes | File path |
| `results[].locations[].physicalLocation.region.startLine` | Yes | Line number |
| `results[].level` | Yes | One of `error`, `warning`, `note`, `none`. Defaults to High |
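A pre-flight check for the two rules above, written here as an added example (not Cortex Cloud's own code): `repo_query_params` enforces the repository_id / repository_url requirement before a request is sent, and `sarif_problems` walks a parsed SARIF document and reports every mandatory field from the table that is missing or invalid, including a `ruleId` that matches no rule on the driver or on any extension. It assumes the standard SARIF 2.1.0 layout in which `tool` and `results` live under `runs[]`; the sample document and the `demo-sast` tool name are constructed.

```python
REQUIRED_VERSION = "2.1.0"
VALID_LEVELS = {"error", "warning", "note", "none"}
def repo_query_params(repository_id=None, repository_url=None):
    """Query params identifying the onboarded repository; at least one is required."""
    params = {k: v for k, v in [("repository_id", repository_id),
                                ("repository_url", repository_url)] if v}
    if not params:
        raise ValueError("repository_id or repository_url required (API answers 400)")
    return params

def sarif_problems(sarif):
    """Check the mandatory fields from the table; an empty list means ingestible."""
    problems = []
    if sarif.get("version") != REQUIRED_VERSION:
        problems.append(f"version must be {REQUIRED_VERSION!r}")
    for i, run in enumerate(sarif.get("runs", [])):
        tool = run.get("tool", {})
        driver = tool.get("driver", {})
        if not driver.get("name"):
            problems.append(f"runs[{i}].tool.driver.name missing")
        rules = list(driver.get("rules", []))      # rules may sit on the driver ...
        for ext in tool.get("extensions", []):     # ... or on any extension
            rules.extend(ext.get("rules", []))
        rule_ids = {r.get("id") for r in rules}
        if not rule_ids:
            problems.append(f"runs[{i}]: at least one rule definition required")
        for j, res in enumerate(run.get("results", [])):
            p = f"runs[{i}].results[{j}]"
            if res.get("ruleId") not in rule_ids:
                problems.append(f"{p}.ruleId does not match a defined rule id")
            if not res.get("message", {}).get("text"):
                problems.append(f"{p}.message.text missing")
            if res.get("level") not in VALID_LEVELS:
                problems.append(f"{p}.level must be error, warning, note or none")
            for k, loc in enumerate(res.get("locations") or [{}]):  # [{}]: flag both when absent
                phys = loc.get("physicalLocation", {})
                if not phys.get("artifactLocation", {}).get("uri"):
                    problems.append(f"{p}.locations[{k}] artifactLocation.uri missing")
                if not isinstance(phys.get("region", {}).get("startLine"), int):
                    problems.append(f"{p}.locations[{k}] region.startLine missing")
    return problems

def _finding(rule_id, uri, line):  # builds one constructed result for the sample below
    return {"ruleId": rule_id, "message": {"text": "constructed finding"}, "level": "error",
            "locations": [{"physicalLocation": {"artifactLocation": {"uri": uri},
                                                "region": {"startLine": line}}}]}
# Constructed sample (not from the page): one valid result, one with an undefined ruleId.
SAMPLE_SARIF = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "demo-sast", "rules": [{"id": "DEMO001"}]}},
    "results": [_finding("DEMO001", "src/app.py", 12), _finding("DEMO999", "src/db.py", 3)]}]}
```

Run `sarif_problems` on the scanner output before calling the upload endpoint; an empty list means every field in the table is present, so a rejection can then be traced to repository identification or permissions rather than to the document itself.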