Larry, Maybe we are being too specific. For example, if you look at the description for application/sql, it just says "Databases and related tools" instead of listing product names.
https://tools.ietf.org/html/rfc6922 What if we went through the conformance clauses and picked out generic descriptions for tools, such as "static analyzers," "static analysis results visualization tools," etc. (still keeping the list labeled as not exhaustive)? Does that sound reasonable to you? David On 4/3/20 4:51 PM, Larry Golding (Myriad Consulting Inc) wrote: Oh! That is a very interesting point. Maybe I was answering the wrong question. I was answering the question "What applications use SARIF files?". I was not answering the question "What applications currently use application/sarif+json" to designate SARIF files?" Because the answer to _that_ question is "None" ð David, what should I be doing here?
Original Message----- From: Yekaterina O'Neil <katrina@microfocus.com> Sent: Friday, April 3, 2020 4:49 PM To: Larry Golding (Myriad Consulting Inc) <v-lgold@microsoft.com>; James Kupsch <kupsch@cs.wisc.edu>; sarif@lists.oasis-open.org Subject: RE: [EXTERNAL] Re: [sarif] Draft IANA registration for media type application/sarif+json I am not sure :) I was just referring to the document you sent where it says: " Applications that use this media type: The following list is not exhaustive: - CodeHawk-C - Fortify ... " k