OASIS Static Analysis Results Interchange Format (SARIF) TC

 View Only

SARIF converters for non-Microsoft tools

  • 1.  SARIF converters for non-Microsoft tools

    Posted 09-20-2017 14:08
    At the last TC meeting, I took an action to provide a list of non-Microsoft tools for which a converter is available in the SARIF SDK ( https://github.com/Microsoft/sarif-sdk ). This is the list: - Android Studio - CppCheck - Clang Static Analyzer - Fortify - Semmle QL In addition, there are converters for the Microsoft tools FxCop, Static Driver Verifier, and C++ Code Analysis ("PREfast"). The converters are under srcSarif.Converters in the repo. The easiest way to see the list is to look at the method CreateBuiltInConverters in the file BuiltInConverterFactory.cs in that directory. (For historical reasons, the PREfast converter is implemented separately, in C++, under srcPREfastXmlSarifConverter). Larry