Support Sarif reporting format #594
Comments
I can make the attempt if desired, but I learned with the GitHub Actions formatter it might not be desirable, so wanted to ask/talk about it first.
Following the initial link, I only saw references to it being a draft and not finalized. Though other documents I later found refer to it as approved with no draft mention. The docs for the Rust API seem to caution use of the lib itself. Also, any idea on how adoption of this has been so far?
I learned about it playing with CodeQL (ESLint template) on GitHub Actions. They recommend https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github So it feels like Microsoft and GitHub are both pushing for it.
At times, it felt like I was reading about a security feature and at times it felt more broad. The alert tracking sounds nice, like it might offer some of the static analysis benefits of a tool I managed at a prior job that allowed adding new static analysis without being buried under the weight of the backlog. Overall, I would be in favor of this depending on the level of maturity of library support for it. Depending on how this evolves, we'd need to be prepared for how we expose versioning. Would we just do
Since this is the typos project, I feel compelled to note: it’s SARIF, not SERIF. 😛
When coming up with a name for the project, I was tempted to make the name include a typo but figured that'd be too aggravating, either for people typing the command name (and spelling it correctly) or when running the command.
I was wondering if anyone is working on this issue? I would like to add this support, but I am not a professional Rust developer, so the code quality may be poor.
OASIS Static Analysis Results Interchange Format is a newish standardization format for analysis tools.
It would be great if typos can support outputting that format.
Looks like there are already libraries to generate the format, so it shouldn't be a hard lift.