Add Symlinks Resolution and Source File Clarification to SARIF Reports (#30039)
Co-authored-by: Felicity Chapman <felicitymay@github.com>
committed by GitHub
parent 9516fd7a17
commit 3adfce3e5b
@@ -63,7 +63,13 @@ SARIF files support both rules and results. The information stored in these elem
When you compare SARIF files generated by analyzing different codebases with the same tool and rules, you should see differences in the results of the analyses but not in the rules.
## Specifying the root for source files
## Specifying the location for source files
Specifying source file locations ensures code scanning alerts are displayed accurately within the file containing the identified problem, allowing for targeted issue resolution.
This precision enhances the efficiency of code review and resolution processes, streamlining development workflows by enabling developers to address issues directly in the context of their codebase.
### Specifying the root for source files
{% data variables.product.prodname_code_scanning_caps %} interprets results that are reported with relative paths as relative to the root of the repository analyzed. If a result contains an absolute URI, the URI is converted to a relative URI. The relative URI can then be matched against a file committed to the repository.
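Review bot: the two new paragraphs under `## Specifying the location for source files` make the same point twice, and the second one ("This precision enhances the efficiency of code review and resolution processes, streamlining development workflows ...") reads as marketing copy rather than guidance; suggest keeping a single sentence such as "Specifying source file locations ensures that code scanning alerts are displayed at the correct location in the file containing the identified problem." The first new paragraph also writes "code scanning" as plain text while the retained context line uses `{% data variables.product.prodname_code_scanning_caps %}`; use the product variable for consistency with the rest of the file. Demoting the existing heading to `### Specifying the root for source files` is fine from a linking standpoint, since the heading text (and therefore its anchor slug) is unchanged.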
@@ -86,6 +92,10 @@ file:///tmp/go-build/tmp.go -> file:///tmp/go-build/tmp.go
The file is successfully uploaded as both absolute URIs use the same URI scheme as the source root.
### Resolving symlinks before generating SARIF results
If the relative URI for a result is matched against a file defined using a symlink, code scanning is unable to display the result. So you need to resolve any symlinked files, and report any results in those files using the resolved URI.
## Validating your SARIF file
<!--UI-LINK: When code scanning fails, the error banner shown in the Security > Code scanning alerts view links to this anchor.-->
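Review bot: the new "Resolving symlinks before generating SARIF results" paragraph does not say what "the resolved URI" has to point at. Since the earlier context states that a relative URI is matched against a file committed to the repository, say explicitly that the symlink target must itself be a committed file under the source root, and that results for targets outside the repository tree cannot be displayed at all. Two smaller points: "code scanning" in the added sentence should use the product variable (the file uses `{% data variables.product.prodname_code_scanning_caps %}` in the first hunk) rather than plain text, and "So you need to resolve any symlinked files" would read better as "You therefore need to resolve any symlinked files".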