[C-safe-secure-studygroup] Static Analysis Results Interchange Format (SARIF)

Barton Miller bart at cs.wisc.edu
Thu May 28 17:08:53 BST 2020


My group at UW-Madison was involved in this standards effort.  We had
previously developed the SCARF format for SAST tools, including modules to
convert the output of many common tools into SCARF, and modules to read
and process SCARF.  As we worked on the SARIF standard, we developed
code to process and generate SARIF.

You can find our SCARF documentation and code at
https://github.com/mirswamp/swamp-scarf-io/

and SARIF documentation and code at
https://github.com/mirswamp/swamp-sarif-io

The folks at CodeDX have worked with us and access tool output in SCARF
and SARIF.

--bart miller

On 2020-05-28 9:47 AM, rcseacord at gmail.com wrote:
>
> Does anyone have any knowledge or experience of Static Analysis
> Results Interchange Format (SARIF)? It looks like a nice idea to have
> a standard interchange format for results of static analysis tools -
> as part of our work with the GitHub Security Coalition it looks like
> it could offer SAST tools a nice way to allow their outputs to easily
> integrate into workflows such as GitHub Actions.
>
> Any info/insights/knowledge of SARIF all welcome.
>
> https://docs.oasis-open.org/sarif/sarif/v2.0/csprd02/sarif-v2.0-csprd02.html#_Toc10127598
>
> Thanks,
> rCs
>
> _______________________________________________
> C-safe-secure-studygroup mailing list
> C-safe-secure-studygroup at lists.trustable.io
> https://lists.trustable.io/cgi-bin/mailman/listinfo/c-safe-secure-studygroup