OASIS Static Analysis Results Interchange Format (SARIF) TC

 View Only
  • 1.  status update

    Posted 10-15-2019 17:55
    Hi all,   I just wanted to clarify where we are with respect to SARIF. Are we still waiting on three SOUs? ( https://github.com/oasis-tcs/sarif-spec/blob/master/Plans.md ) We at Fortify need to provide an update to our management about the expected release of the standard.   Thanks! k


  • 2.  Re: [sarif] status update

    Posted 10-15-2019 18:31
    Katrina, Yes, we have one SoU from the SWAMP, and we need two more to proceed. One of them needs to be from an OASIS Organizational Member. It is good planning to have more than we need, so it is fine if we end up with four or more SoUs. My estimate is that once we get three or more SoUs, if all goes well, we can have a published standard about 18 weeks later. I am tracking our progress in the following github document. https://github.com/oasis-tcs/sarif-spec/blob/master/Plans.md David On 2019-10-15 10:54, Yekaterina O'Neil wrote: Hi all, I just wanted to clarify where we are with respect to SARIF. Are we still waiting on three SOUs? ( https://github.com/oasis-tcs/sarif-spec/blob/master/Plans.md ) We at Fortify need to provide an update to our management about the expected release of the standard. Thanks! k


  • 3.  Re: [sarif] status update

    Posted 10-15-2019 18:37
    By the way, if anyone needs help creating a Statement of Use, please let me know. If you would like to look at an example, here is the one we have so far. https://www.oasis-open.org/committees/document.php?document_id=65816&wg_abbrev=sarif David


  • 4.  RE: [sarif] status update

    Posted 10-15-2019 18:47
    Thank you, David! If I recall correctly, we've established that Micro Focus cannot really supply a statement of use, but perhaps somebody from NIST could? They used it for SATE. What about anybody else on this list? k


  • 5.  Re: [sarif] status update

    Posted 10-15-2019 18:54
    Also, if you can think of anyone outside the TC who uses the current version of SARIF, they can submit an SoU as well. David On 2019-10-15 11:45, Yekaterina O'Neil wrote: Thank you, David! If I recall correctly, we've established that Micro Focus cannot really supply a statement of use, but perhaps somebody from NIST could? They used it for SATE. What about anybody else on this list? k


  • 6.  Re: [sarif] status update

    Posted 10-15-2019 19:02
    One more thought. If any of you are using some parts of an old version of SARIF, but other parts of the current version, you can submit an SoU that just covers the parts that are current. As you can see from the example, the SoU lists the clauses of the current version to which you conform. David


  • 7.  Re: [sarif] status update

    Posted 10-28-2019 18:22
      |   view attached
    David: I have written our SOU and have attached it. Do I need to upload it somewhere? -Paul On 10/15/2019 3:01 PM, David Keaton wrote: One more thought. If any of you are using some parts of an old version of SARIF, but other parts of the current version, you can submit an SoU that just covers the parts that are current. As you can see from the example, the SoU lists the clauses of the current version to which you conform. David --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php -- Paul Anderson, VP of Engineering, GrammaTech, Inc. 531 Esty St., Ithaca, NY 14850 Tel: +1 607 273-7340 x118; http://www.grammatech.com Attachment: SARIF 2.1.0 Statement of Use - GrammaTech.docx Description: application/vnd.openxmlformats-officedocument.wordprocessingml.document

    Attachment(s)



  • 8.  Re: [sarif] status update

    Posted 10-28-2019 18:31
    Paul, Excellent! Thanks for doing that. The only thing remaining for you to do at this point is to "print" it on company letterhead (as a PDF) and add your signature. Then you can send the result to me and I will keep track of it for our records and put it in the TC's document archives for everyone to access. David On 2019-10-28 11:21, Paul Anderson wrote: David: I have written our SOU and have attached it. Do I need to upload it somewhere? -Paul On 10/15/2019 3:01 PM, David Keaton wrote: One more thought. If any of you are using some parts of an old version of SARIF, but other parts of the current version, you can submit an SoU that just covers the parts that are current. As you can see from the example, the SoU lists the clauses of the current version to which you conform. David --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php


  • 9.  Re: [sarif] status update

    Posted 10-28-2019 18:35
    OK. Will do. -Paul On 10/28/2019 2:30 PM, David Keaton wrote: Paul, Excellent! Thanks for doing that. The only thing remaining for you to do at this point is to "print" it on company letterhead (as a PDF) and add your signature. Then you can send the result to me and I will keep track of it for our records and put it in the TC's document archives for everyone to access. David On 2019-10-28 11:21, Paul Anderson wrote: David: I have written our SOU and have attached it. Do I need to upload it somewhere? -Paul On 10/15/2019 3:01 PM, David Keaton wrote: One more thought. If any of you are using some parts of an old version of SARIF, but other parts of the current version, you can submit an SoU that just covers the parts that are current. As you can see from the example, the SoU lists the clauses of the current version to which you conform. David --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php -- Paul Anderson, VP of Engineering, GrammaTech, Inc. 531 Esty St., Ithaca, NY 14850 Tel: +1 607 273-7340 x118; http://www.grammatech.com


  • 10.  Re: [sarif] status update

    Posted 10-28-2019 19:30
      |   view attached
    David: Here's that PDF. -Paul On 10/28/2019 2:34 PM, Paul Anderson wrote: OK. Will do. -Paul On 10/28/2019 2:30 PM, David Keaton wrote: Paul, Excellent! Thanks for doing that. The only thing remaining for you to do at this point is to "print" it on company letterhead (as a PDF) and add your signature. Then you can send the result to me and I will keep track of it for our records and put it in the TC's document archives for everyone to access. David On 2019-10-28 11:21, Paul Anderson wrote: David: I have written our SOU and have attached it. Do I need to upload it somewhere? -Paul On 10/15/2019 3:01 PM, David Keaton wrote: One more thought. If any of you are using some parts of an old version of SARIF, but other parts of the current version, you can submit an SoU that just covers the parts that are current. As you can see from the example, the SoU lists the clauses of the current version to which you conform. David --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php -- Paul Anderson, VP of Engineering, GrammaTech, Inc. 531 Esty St., Ithaca, NY 14850 Tel: +1 607 273-7340 x118; http://www.grammatech.com Attachment: SARIF 2.1.0 Statement of Use - GrammaTech.pdf Description: Adobe PDF document

    Attachment(s)