Fix: Don't omit 'run' if empty and fix omitted 'kind' and 'level' attributes in result

[attiasas]

Following:

• fix: Don't omit empty for default value items #104

Causing a lot of issues, if we are trying to unmarshal a report generated not by this tool or library (for example component written in other languages). making changes and then marshaling it.

---

We should not omit empty Runs:

if you try to upload to Github

Run github/codeql-action/upload-sarif@v3
Uploading code scanning results
Error details: instance requires property "runs"
Error: Unable to upload "jfrog_sast.sarif" as it is not valid SARIF:
- instance requires property "runs"

also mentioned in spec that is required:

• https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os-complete.html#_Toc141790732

'level' and 'kind' attributes can be calculated if omitted based on the spec:

• https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os-complete.html#_Toc141790897
• https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os-complete.html#_Toc141790898

If we are loading a report with those missing attributes and marshal again, we are not even getting the default values and only "" (since not omitted).

Error details: instance.runs[1].results[3].kind is not one of enum values: notApplicable,pass,fail,review,open,informational
Error details: instance.runs[1].results[3].level is not one of enum values: none,note,warning,error

I'm suggesting those values should be omitted. Github can also proccess them if omitted.

[owenrumney]

THanks @attiasas - this makes sense. I need to do a review of other places where the default is set by go-sarif but may not be set in other tools.

I'll merge this and do a new release in the meantime, thanks