Add a --sarif output mode so teams can upload MCP risk findings into GitHub code scanning alerts.\n\nAcceptance criteria:\n- mcp-risk scan . --sarif prints SARIF JSON\n- Findings include severity, location, rule id, and recommendation\n- Add tests for SARIF output shape
Add a
--sarifoutput mode so teams can upload MCP risk findings into GitHub code scanning alerts.\n\nAcceptance criteria:\n-mcp-risk scan . --sarifprints SARIF JSON\n- Findings include severity, location, rule id, and recommendation\n- Add tests for SARIF output shape