Closed
Labels
bug: Something isn't working
Description
The alert rule IDs in the generated file are not deterministic since they contain the image tag.
If we scan a given version, alerts are found (and they are uploaded to GitHub code scanning via the SARIF file) and then dismissed on GitHub, they will reappear on the next scan if the tag (e.g. a version) changes.
I understand why the image name is part of the alert id (in case there is more than one image on the same repo), but adding the version seems overkill and has the same id of alerts not being comparable (or even understand the magnitude of a given issue in a given org).
I think this is the line that defines the alert rule id
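
The behaviour reported above, as an added example that is not part of the original issue or the project's code: dismissals keyed on a rule ID that embeds the full image reference are lost when the tag changes, while an ID built from the image name alone stays stable. The ID layout (`vuln/package/image`), the function names and all sample values are assumptions constructed for illustration.

```python
# Added illustration; the rule-ID layout and every sample value are constructed.

def image_name(ref: str) -> str:
    """Return an image reference without its tag or digest."""
    ref = ref.split("@", 1)[0]  # drop a digest such as @sha256:...
    last_slash = ref.rfind("/")
    last_colon = ref.rfind(":")
    # A colon before the last slash is a registry port, not a tag separator.
    if last_colon > last_slash:
        ref = ref[:last_colon]
    return ref


def rule_id(vuln: str, package: str, image_ref: str, include_tag: bool) -> str:
    """Build a hypothetical rule ID, with or without the tag in it."""
    image = image_ref if include_tag else image_name(image_ref)
    return f"{vuln}/{package}/{image}"


def reappearing(findings, old_ref, new_ref, include_tag):
    """Rule IDs dismissed after scanning old_ref that look new for new_ref."""
    dismissed = {rule_id(v, p, old_ref, include_tag) for v, p in findings}
    rescanned = {rule_id(v, p, new_ref, include_tag) for v, p in findings}
    return sorted(rescanned - dismissed)


# Constructed findings: the same two issues are present in both image versions.
FINDINGS = [("VULN-A", "libexample"), ("VULN-B", "examplessl")]
OLD = "registry.example:5000/team/app:1.0.0"
NEW = "registry.example:5000/team/app:1.0.1"

if __name__ == "__main__":
    print("tag in rule ID:    ", reappearing(FINDINGS, OLD, NEW, True))
    print("tag not in rule ID:", reappearing(FINDINGS, OLD, NEW, False))
```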