OASIS Static Analysis Results Interchange Format (SARIF) TC

 View Only
  • 1.  propose to close five issues

    Posted 11-28-2018 00:57
    I’ve made a pass through all active SARIF issues, found some duplicates, fixed various labels. I collapsed some issues into single tracking item (most notably analysis scope below and a bucket bug around categorizing results).   As part of that work, I propose to close a small # of issues. They are marked ‘propose-to-close’ for one of the following reasons: 1) no significant activity from the TC, 2) no specificity, energy or active advocacy, 3) likely not important, 4) good topic for a future version (in which case I’ve marked the issue as ‘future’   If you’d like to ‘save’ one of these issues, speak up and I’ll reopen.   **Yekaterina**: your concern around incremental analysis is definitely one to keep an eye on. If we encounter anything specific to support this scenario you’d like to see in the format, we should open issues for them. I’ve proposed closing this one due to the lack of any definite proposal. If you want it to remain open for any reason, though, just let me know.   Michael   https://github.com/oasis-tcs/sarif-spec/issues?q=is%3Aissue+is%3Aopen+label%3Apropose-to-close   Explore static text for clickthrough links #261 https://github.com/oasis-tcs/sarif-spec/issues/261   Support for incremental scan results #198 https://github.com/oasis-tcs/sarif-spec/issues/198   Add run.analysisScope property #180 https://github.com/oasis-tcs/sarif-spec/issues/180   Add language around signing SARIF files in spec #85 https://github.com/oasis-tcs/sarif-spec/issues/85   Consider adding field for cryptographically secure digital signing #47 https://github.com/oasis-tcs/sarif-spec/issues/47   Consider adding support for metrics #44 : marked as ‘future’ https://github.com/oasis-tcs/sarif-spec/issues/44


  • 2.  RE: propose to close five issues

    Posted 11-28-2018 01:56
    I am fine with closing issue #198 (support for incremental analysis) as I don’t have any concrete proposals, except for what is mentioned in the issue around the ability to identify when each result appeared and disappeared, which seems to be related to issue #285 (associating result with an invocation), which is still under consideration.   k   From: sarif@lists.oasis-open.org [mailto:sarif@lists.oasis-open.org] On Behalf Of Michael Fanning Sent: Tuesday, November 27, 2018 4:56 PM To: OASIS SARIF TC Discussion List <sarif@lists.oasis-open.org> Subject: [sarif] propose to close five issues   I’ve made a pass through all active SARIF issues, found some duplicates, fixed various labels. I collapsed some issues into single tracking item (most notably analysis scope below and a bucket bug around categorizing results).   As part of that work, I propose to close a small # of issues. They are marked ‘propose-to-close’ for one of the following reasons: 1) no significant activity from the TC, 2) no specificity, energy or active advocacy, 3) likely not important, 4) good topic for a future version (in which case I’ve marked the issue as ‘future’   If you’d like to ‘save’ one of these issues, speak up and I’ll reopen.   **Yekaterina**: your concern around incremental analysis is definitely one to keep an eye on. If we encounter anything specific to support this scenario you’d like to see in the format, we should open issues for them. I’ve proposed closing this one due to the lack of any definite proposal. If you want it to remain open for any reason, though, just let me know.   Michael   https://github.com/oasis-tcs/sarif-spec/issues?q=is%3Aissue+is%3Aopen+label%3Apropose-to-close   Explore static text for clickthrough links #261 https://github.com/oasis-tcs/sarif-spec/issues/261   Support for incremental scan results #198 https://github.com/oasis-tcs/sarif-spec/issues/198   Add run.analysisScope property #180 https://github.com/oasis-tcs/sarif-spec/issues/180   Add language around signing SARIF files in spec #85 https://github.com/oasis-tcs/sarif-spec/issues/85   Consider adding field for cryptographically secure digital signing #47 https://github.com/oasis-tcs/sarif-spec/issues/47   Consider adding support for metrics #44 : marked as ‘future’ https://github.com/oasis-tcs/sarif-spec/issues/44