OASIS Static Analysis Results Interchange Format (SARIF) TC

 View Only
  • 1.  Re: [sarif] Draft IANA registration for media type application/sarif+json

    Posted 04-03-2020 19:41
    Larry, Two comments on other fields and other answers below. The other field look good to me. Thanks, Jim -------- For the contact for further information field should the OASIS SARIF mailing list be included in addition (or place of)? I don't know if this is used for completing registration process or for long term contact information. For long term, an OASIS email might good to have as it might exist after you Michael retire. -------- For the Intended Usage field something be added to the free form field such as: Intended to be used by the software development community as a common interchange format for the results of static analysis tools. On 4/3/20 1:05 PM, Larry Golding (Myriad Consulting Inc) wrote: Please take a look and give feedback. * I don’t know what to put for “interoperability consideration”. I would say "None". Based on the examples in RFC 6838, I do not think that there are any known interoperability issues, nor can I think of any. * I don’t know what to put for “restrictions on usage”. I would say "None" base on RFC 6838. * The list of “applications that use this media type” isn’t intended to be exhaustive, but if you want to add something (especially I think Jim will want to add some SWAMP tools) just let me know. I think that you can just add SWAMP (Software Assurance Marketplace, www.continuousassurance.org) The SWAMP can produce SARIF output from all the tools in available in the SWAMP (still waiting for a bit of UI work to make it publicly available). * Also if I’ve misnamed any of the tools please let me know. CodeHawk-C was formerly KT-Advance. * Let me know if you want to provide something for “Any other information” at the bottom. --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php


  • 2.  RE: [EXTERNAL] Re: [sarif] Draft IANA registration for media type application/sarif+json

    Posted 04-03-2020 19:53
      |   view attached
    Thanks, Jim, that's very helpful. Here's an update. The next step (optional, but "strongly encouraged" by RFC 6838 §5.1) is to solicit "community review" by sending our draft to media-type@iana.org. After that we can submit our "Application for Media Type" using the online form at https://www.iana.org/form/media-types . I'll wait until Monday afternoon to give everybody else a chance to comment. Thanks, Larry

    Attachment(s)

    txt
    sarif-media-type.txt   2 KB 1 version


  • 3.  RE: [EXTERNAL] Re: [sarif] Draft IANA registration for media type application/sarif+json

    Posted 04-03-2020 23:40
    I am not sure we're already using sarif+json media type -- is this an issue? k


  • 4.  Re: [sarif] RE: [EXTERNAL] Re: [sarif] Draft IANA registration for media type application/sarif+json

    Posted 04-06-2020 13:57
    Larry et al - When you are ready to submit, please hand it off to me. I will get the ball rolling on the media-type@ mailing list. Thanks, /chet On Fri, Apr 3, 2020 at 7:40 PM Yekaterina O'Neil < katrina@microfocus.com > wrote: I am not sure we're already using sarif+json media type -- is this an issue? k