WIP: changes for sarif format

[prashbnair]

@arajkumar @deepak1725 This is a WIP PR, i wanted some feedback on the approach.

This implements the SARIF output for maven, npm and python. GoLang need to be incorporated.

Command : crda analyse -v -s

[codecov-commenter]

Codecov Report

Merging #48 (9731cc1) into main (902e40f) will decrease coverage by 2.66%.
The diff coverage is 1.40%.

@@            Coverage Diff             @@
##             main      #48      +/-   ##
==========================================
- Coverage   35.74%   33.07%   -2.67%     
==========================================
  Files          23       24       +1     
  Lines         831      901      +70     
==========================================
+ Hits          297      298       +1     
- Misses        506      575      +69     
  Partials       28       28              

Impacted Files	Coverage Δ
analyses/verbose/helper.go	75.96% <ø> (ø)
analyses/verbose/sarif_helper.go	0.00% <0.00%> (ø)
cmd/analyse.go	12.50% <50.00%> (+1.86%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 902e40f...9731cc1. Read the comment docs.

[deepak1725]

Crashing on 0 Vulnerabilities/Issues

[deepak1725]

Minor fixes

[deepak1725]

Suggested change

	// RegexDependencyLocator --relevant comment--

In Golang, every exported member has a relevant comment

[deepak1725]

Suggested change

	// ProcessSarif -- a valid comment can be added--

ditto for other exported members

[deepak1725]

Fatal exits with exit code 1, will not go to the next step

[deepak1725]

ditto

[deepak1725]

Suggested change

	report.Write(os.Stdout)
	err = report.Write(os.Stdout)
	if err != nil {
	return false, err
	}

[deepak1725]

i feel LocateDependency is not imported outside of this package, No point in exporting it.

It should be locateDependency

[deepak1725]

ditto, can be setUp
All non-exported members start with lowercase letter