{ "version": "2.1.0", "$schema": "http://json.schemastore.org/sarif-2.1.0-rtm.5", "runs": [ { "tool": { "driver": { "name": "Security Auditor Antigravity", "version": "1.0.0", "rules": [ { "id": "Unsafe HTML rendering pattern" }, { "id": "Server boundary without obvious input validation" }, { "id": "LLM endpoint with prompt injection exposure" }, { "id": "Potential SSRF pattern" }, { "id": "Hardcoded credential material" } ] } }, "results": [ { "ruleId": "Unsafe HTML rendering pattern", "level": "error", "message": { "text": "dangerouslySetInnerHTML found" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "scripts/security-audit.js" }, "region": { "startLine": 123 } } } ] }, { "ruleId": "Unsafe HTML rendering pattern", "level": "error", "message": { "text": "dangerouslySetInnerHTML found" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "scripts/security-audit.js" }, "region": { "startLine": 125 } } } ] }, { "ruleId": "Server boundary without obvious input validation", "level": "error", "message": { "text": "Request input usage" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "scripts/security-audit.js" }, "region": { "startLine": 143 } } } ] }, { "ruleId": "LLM endpoint with prompt injection exposure", "level": "error", "message": { "text": "LLM SDK call" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "scripts/security-audit.js" }, "region": { "startLine": 148 } } } ] }, { "ruleId": "Potential SSRF pattern", "level": "error", "message": { "text": "Server-side outbound request" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "scripts/security-audit.js" }, "region": { "startLine": 153 } } } ] }, { "ruleId": "Hardcoded credential material", "level": "error", "message": { "text": "Secret-like token or private key marker detected" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "scripts/security-audit.js" }, "region": { "startLine": 158 } } } ] } ] } ] }