Support SARIF format for code insights


      SARIF (https://sarifweb.azurewebsites.net/) is an industry-standard format for the output of static analysis tools. Tools such as ShiftLeft Scan (https://slscan.io/), GitHub Semmle, etc. support this standard. ShiftLeft Scan is a free open-source DevSecOps tool.

      With the current design of code insights, an API call to the annotations endpoint is required to submit each finding. A tool such as ShiftLeft Scan, being a multi-scanner, can generate hundreds of security findings per invocation, thus requiring a better integration approach.

      Please treat this issue as a request to support and integrate using SARIF in addition to the API. ShiftLeft Scan already works with Bitbucket Pipelines and can produce output in SARIF format, as discussed here.

      Thank you.
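To make the mismatch described in this issue concrete, here is an added example (my own code, not ShiftLeft Scan's or Bitbucket's) that parses a constructed SARIF 2.1.0 document and flattens every result of every run into one batch of annotation records, handling a result that carries no location. The annotation field names and severity values are assumptions for illustration, not the Bitbucket Code Insights API.

```python
import json

# Constructed sample SARIF 2.1.0 document (not real scanner output): three
# results, the last of which has no location and must not be dropped silently.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner", "rules": [
            {"id": "PY-001", "shortDescription": {"text": "Hard-coded credential"}},
            {"id": "PY-002", "shortDescription": {"text": "Weak hash algorithm"}},
        ]}},
        "results": [
            {"ruleId": "PY-001", "level": "error",
             "message": {"text": "Password assigned from a string literal"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/config.py"},
                 "region": {"startLine": 12}}}]},
            {"ruleId": "PY-002", "level": "warning",
             "message": {"text": "MD5 used for password hashing"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/auth.py"},
                 "region": {"startLine": 40}}}]},
            {"ruleId": "PY-002", "level": "note",
             "message": {"text": "Result without a location"}},
        ],
    }],
})

# Assumed mapping from SARIF result levels to a severity enum; the target
# service's own values are not given in the issue and are a placeholder here.
LEVEL_TO_SEVERITY = {"error": "HIGH", "warning": "MEDIUM", "note": "LOW", "none": "LOW"}


def sarif_to_annotations(sarif_text):
    """Flatten every result of every run into one list of annotation dicts
    so they can be submitted as a batch instead of one call per finding."""
    doc = json.loads(sarif_text)
    annotations = []
    for run in doc.get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        tool = driver.get("name", "tool")
        titles = {r["id"]: r.get("shortDescription", {}).get("text", r["id"])
                  for r in driver.get("rules", [])}
        for idx, result in enumerate(run.get("results", [])):
            rule_id = result.get("ruleId", "unknown")
            # First physical location, or {} when the result has none;
            # path/line then stay None rather than pointing at a wrong file.
            loc = (result.get("locations") or [{}])[0].get("physicalLocation", {})
            annotations.append({
                "external_id": f"{tool}-{rule_id}-{idx}",  # stable id for re-submission
                "title": titles.get(rule_id, rule_id),
                "severity": LEVEL_TO_SEVERITY.get(result.get("level", "warning"), "MEDIUM"),
                "summary": result.get("message", {}).get("text", ""),
                "path": loc.get("artifactLocation", {}).get("uri"),
                "line": loc.get("region", {}).get("startLine"),
            })
    return annotations
```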

            Assignee: Unassigned
            Reporter: Prabhu Subramanian
            Votes: 46
            Watchers: 20
