In the TC meeting of September 20, we discussed supporting the notion of a result "taxonomy", with the Common Weakness Enumeration as the canonical example. I have uploaded a proposal to address this issue. In the OASIS TC SARIF GitHub repo, please see the document Documents/ChangeDrafts/sarif-v1.0-issue-3-taxonomies.docx:
https://github.com/oasis-tcs/sarif-spec/blob/master/Documents/ChangeDrafts/sarif-v1.0-issue-3-taxonomies.docx

In particular, please see the following change-barred sections:

Section 3.17.16: result.taxonomies property (page 41)
Section 3.34: classification object (pages 72-73)

I'd like to discuss this at tomorrow's TC meeting. It's quite short.

Thanks,
Larry