
Add support for writing SARIF results to a file #165

Open
lelia wants to merge 5 commits into main from lelia/fix-sarif-output

@lelia lelia commented Feb 27, 2026

Summary

  • Adds a --sarif-file <path> CLI flag that saves SARIF output directly to a file, enabling easy integration with GitHub Code Scanning, VS Code, and other SARIF-compatible tools
  • Previously --enable-sarif only printed to stdout, and there was no built-in way to write to a file (unlike --enable-gitlab-security which writes to gl-dependency-scanning-report.json automatically)

Note: --sarif-file implies --enable-sarif, so users don't need to pass both args

Changes

  • Added sarif_file config field, --sarif-file CLI flag, and logic to imply the --enable-sarif flag in turn
  • Changed output.py so that output_console_sarif now writes to the specified filepath in addition to stdout
  • Added 3 new unit tests to cover file output, what happens when no file is configured, and nested dir creation
  • Documented new CLI flag functionality in the README, and clarified the appropriate use case

Testing

  • Confirmed all new unit tests pass
  • Ran socketcli --sarif-file results.sarif against a representative repo
  • Confirmed that a results.sarif file was output with valid syntax
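
A structural check for a file such as the results.sarif mentioned in the Testing list above, as an added example that is not part of this PR or the project's code. It checks a few required SARIF 2.1.0 fields before the file is handed to a SARIF consumer; `check_sarif`, `write_sample`, the tool name and the rule id are constructed for illustration.

```python
import json
from pathlib import Path

VALID_LEVELS = {"none", "note", "warning", "error"}  # SARIF 2.1.0 result.level values

def check_sarif(path):
    """Return a list of structural problems in the SARIF file at path (empty = OK)."""
    try:
        doc = json.loads(Path(path).read_text(encoding="utf-8"))
    except (OSError, ValueError) as exc:  # missing file, bad encoding, invalid JSON
        return [f"cannot load: {exc}"]
    if not isinstance(doc, dict):
        return ["top level is not a JSON object"]
    problems = []
    if doc.get("version") != "2.1.0":
        problems.append("version is not '2.1.0'")
    runs = doc.get("runs")
    if not isinstance(runs, list):
        return problems + ["'runs' is not an array"]
    for i, run in enumerate(runs):
        if not isinstance(run, dict):
            problems.append(f"runs[{i}] is not an object")
            continue
        tool = run.get("tool")
        driver = tool.get("driver") if isinstance(tool, dict) else None
        if not (isinstance(driver, dict) and driver.get("name")):
            problems.append(f"runs[{i}].tool.driver.name is missing")
        for j, res in enumerate(run.get("results") or []):
            where = f"runs[{i}].results[{j}]"
            msg = res.get("message") if isinstance(res, dict) else None
            if not (isinstance(msg, dict) and ("text" in msg or "id" in msg)):
                problems.append(f"{where}.message has no text or id")
            if isinstance(res, dict) and res.get("level", "warning") not in VALID_LEVELS:
                problems.append(f"{where}.level is invalid")
    return problems

def write_sample(path):
    """Write a constructed one-finding SARIF log, creating parent directories."""
    sample = {
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": "example-scanner"}},  # placeholder tool name
            "results": [{"ruleId": "EXAMPLE001", "level": "warning",
                         "message": {"text": "constructed finding"}}],
        }],
    }
    out = Path(path)
    out.parent.mkdir(parents=True, exist_ok=True)  # nested output directories
    out.write_text(json.dumps(sample, indent=2), encoding="utf-8")
    return out
```
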

Signed-off-by: lelia <lelia@socket.dev>
Signed-off-by: lelia <lelia@socket.dev>
Signed-off-by: lelia <lelia@socket.dev>
Signed-off-by: lelia <lelia@socket.dev>
Signed-off-by: lelia <lelia@socket.dev>
@lelia lelia requested a review from a team as a code owner February 27, 2026 01:03
@github-actions

🚀 Preview package published!

Install with:

pip install --index-url https://test.pypi.org/simple/ --extra-index-url https://pypi.org/simple socketsecurity==2.2.75.dev1

Docker image: socketdev/cli:pr-165
