OASIS Static Analysis Results Interchange Format (SARIF) TC

 View Only
  • 1.  sarif-schema.json updates?

    Posted 10-10-2018 21:17
    Larry (or others): Is anyone working on updating the json schema file? I could really use a version that is compatible with Committee Specification Draft 02 (2.0.0-beta.2018-09-26). I'll do it myself if necessary, but I don't want to duplicate effort. Also, I imagine it is tricky to keep this in sync with the changes to the .docx file. Do you have any particular methodology for this? Or is it just a matter of carefully going through the changes one by one? -Paul -- Paul Anderson, VP of Engineering, GrammaTech, Inc. 531 Esty St., Ithaca, NY 14850 Tel: +1 607 273-7340 x118; http://www.grammatech.com


  • 2.  RE: [sarif] sarif-schema.json updates?

    Posted 10-10-2018 21:20
    Our process up until now has been to make the changes in the copy of the schema in the sarif-sdk repo, update the code and tests to match, make sure everything works, and then copy it back to the sarif-spec repo. We got behind and haven t finished doing that for TC #24. Michael is working on it now. And yes, it's a matter of being super-careful to keep the schema in sync with the words in the spec. The "Schema changes" document helps by summarizing the changes (so I guess that counts as our "methodology" to the extent that we have one). Larry


  • 3.  Re: [sarif] sarif-schema.json updates?

    Posted 10-11-2018 15:14
    Larry: Thanks! This is extremely helpful. -Paul On 10/10/2018 5:20 PM, Larry Golding (Myriad Consulting Inc) wrote: Our process up until now has been to make the changes in the copy of the schema in the sarif-sdk repo, update the code and tests to match, make sure everything works, and then copy it back to the sarif-spec repo. We got behind and haven t finished doing that for TC #24. Michael is working on it now. And yes, it's a matter of being super-careful to keep the schema in sync with the words in the spec. The "Schema changes" document helps by summarizing the changes (so I guess that counts as our "methodology" to the extent that we have one). Larry