OASIS Static Analysis Results Interchange Format (SARIF) TC

 View Only
  • 1.  Can't locate issue

    Posted 09-11-2023 15:55
    I ve been unable to locate the issue regarding the next gen recommendations for extending SARIF beyond static analysis. As such, I can t add my comments regarding use cases provided for in the AVCDL. Hints would be appreciated. Charles Wilson Senior Principal Engineer, Cybersecurity Development Lifecycle Practice charles.wilson@motional.com This email contains information belonging to Motional AD LLC or its affiliates and may contain confidential, proprietary, copyrighted and/or privileged information. Any unauthorized review, use, reliance, disclosure, distribution or copying is prohibited. If you are not the intended recipient, immediately destroy all copies of the original email and any attachments and contact the sender by reply email.


  • 2.  Re: [sarif] Can't locate issue

    Posted 09-11-2023 16:07
    Charles, I sent this reply personally but it must have ended up in your spam folder. The document to be modified is here. https://github.com/oasis-tcs/sarif-spec/blob/main/Future.md You can create a pull request against it, or if you don't feel comfortable doing that, you can create a new github issue. David On 2023-09-11 09:54, Charles Wilson wrote: I ve been unable to locate the issue regarding the next gen recommendations for extending SARIF beyond static analysis. As such, I can t add my comments regarding use cases provided for in the AVCDL. Hints would be appreciated. Charles Wilson Senior Principal Engineer, Cybersecurity Development Lifecycle Practice charles.wilson@motional.com This email contains information belonging to Motional AD LLC or its affiliates and may contain confidential, proprietary, copyrighted and/or privileged information. Any unauthorized review, use, reliance, disclosure, distribution or copying is prohibited. If you are not the intended recipient, immediately destroy all copies of the original email and any attachments and contact the sender by reply email.


  • 3.  Re: [sarif] Can't locate issue

    Posted 09-11-2023 16:08
    Hi, On Mon, Sep 11, 2023, at 17:54, Charles Wilson wrote: I ve been unable to locate the issue regarding the next gen recommendations for extending SARIF beyond static analysis. As such, I can t add my comments regarding use cases provided for in the AVCDL. Hints would be appreciated. Charles Wilson [...] I think you can :-) Looking at  https://github.com/oasis-tcs/sarif-spec/blob/main/meeting_minutes/230810_SARIF_TC_78.md#63-review-of-action-items-secretary-stefan  there is a link to the markdown document  https://github.com/oasis-tcs/sarif-spec/blob/main/Future.md  where I understood that you use a pull request (not an issue) to amend with any such use cases. Cheers, Stefan --- Stefan Hagen, Emmetten, Nidwalden, Switzerland. read: https://stefan-hagen.website write: stefan@hagen.link