Add a post-processing step or flag (e.g., --publish-insights) that parses the SARIF file and uses Bitbucket’s native Code Insights API to post the findings directly onto the Pull Request.
Why it matters: It converts those raw stdout alerts into beautiful, inline code annotations pointing exactly to the problematic line of code directly inside the code review UI.
Add a post-processing step or flag (e.g., --publish-insights) that parses the SARIF file and uses Bitbucket’s native Code Insights API to post the findings directly onto the Pull Request.
Why it matters: It converts those raw stdout alerts into beautiful, inline code annotations pointing exactly to the problematic line of code directly inside the code review UI.