OASIS Static Analysis Results Interchange Format (SARIF) TC

  • 1.  Change draft for #159 (Id property renames) and #166 (engineering system conformance profile)

    Posted 05-09-2018 00:09
    I pushed a change draft for these two issues:   Issue #159 , “Id property renames” Issue #166 , “Define an ‘engineering system’ conformance profile”   The change draft is here:   Documents/ChangeDrafts/Active/sarif-v2.0-issues-158-166-id-properties-and-engineering-system-profile.docx   In a previous email, I explained the rationale for adding the “engineering system” performance profile. The rationale for the property name changes is in Issue #159 , but I reproduce it here for your convenience:   … [W]e now understand the distinction between globally unique "instance identifiers" (like the identifier that uniquely identifies the reporting of a result in a specific run) and "logical identifiers" (like the identifier that tells you that this is the x86 variant of the nightly security tools run). We want to define the "instance identifiers" as GUIDs, we want to define the logical identifiers as "hierarchical strings", and we want the property names to make that distinction explicit to the reader of the log file. ... run.id  ?  run.instanceGuid run.stableId  ?  run.logicalId run.baselineId  ?  run.baselineInstanceGuid run.automationId  ?  run.automationLogicalId result.id  ?  result.instanceGuid Add  result.correlationGuid  (we'd previously thought of calling it  correlationId ). NOTE: We will add this property when we implement  #158 .   Thanks, Larry    


  • 2.  RE: [sarif] Change draft for #159 (Id property renames) and #166 (engineering system conformance profile)

    Posted 05-09-2018 00:33
    I forgot the usual formula: “I will move its adoption at TC #17 on May 16 th ”.   From: sarif@lists.oasis-open.org <sarif@lists.oasis-open.org> On Behalf Of Larry Golding (Comcast) Sent: Tuesday, May 8, 2018 5:07 PM To: sarif@lists.oasis-open.org Subject: [sarif] Change draft for #159 (Id property renames) and #166 (engineering system conformance profile) Importance: High   I pushed a change draft for these two issues:   Issue #159 , “Id property renames” Issue #166 , “Define an ‘engineering system’ conformance profile”   The change draft is here:   Documents/ChangeDrafts/Active/sarif-v2.0-issues-158-166-id-properties-and-engineering-system-profile.docx   In a previous email, I explained the rationale for adding the “engineering system” performance profile. The rationale for the property name changes is in Issue #159 , but I reproduce it here for your convenience:   … [W]e now understand the distinction between globally unique "instance identifiers" (like the identifier that uniquely identifies the reporting of a result in a specific run) and "logical identifiers" (like the identifier that tells you that this is the x86 variant of the nightly security tools run). We want to define the "instance identifiers" as GUIDs, we want to define the logical identifiers as "hierarchical strings", and we want the property names to make that distinction explicit to the reader of the log file. ... run.id  ?  run.instanceGuid run.stableId  ?  run.logicalId run.baselineId  ?  run.baselineInstanceGuid run.automationId  ?  run.automationLogicalId result.id  ?  result.instanceGuid Add  result.correlationGuid  (we'd previously thought of calling it  correlationId ). NOTE: We will add this property when we implement  #158 .   Thanks, Larry    


  • 3.  RE: [sarif] Change draft for #159 (Id property renames) and #166 (engineering system conformance profile)

    Posted 05-14-2018 21:19
    I botched both the title and the link for the change draft. Here it is:   Documents/ChangeDrafts/Active/sarif-v2.0-issues-159-166-id-properties-and-engineering-system-profile.docx   Larry   From: sarif@lists.oasis-open.org <sarif@lists.oasis-open.org> On Behalf Of Larry Golding (Comcast) Sent: Tuesday, May 8, 2018 5:30 PM To: sarif@lists.oasis-open.org Subject: RE: [sarif] Change draft for #159 (Id property renames) and #166 (engineering system conformance profile)   I forgot the usual formula: “I will move its adoption at TC #17 on May 16 th ”.   From: sarif@lists.oasis-open.org < sarif@lists.oasis-open.org > On Behalf Of Larry Golding (Comcast) Sent: Tuesday, May 8, 2018 5:07 PM To: sarif@lists.oasis-open.org Subject: [sarif] Change draft for #159 (Id property renames) and #166 (engineering system conformance profile) Importance: High   I pushed a change draft for these two issues:   Issue #159 , “Id property renames” Issue #166 , “Define an ‘engineering system’ conformance profile”   The change draft is here:   Documents/ChangeDrafts/Active/sarif-v2.0-issues-158-166-id-properties-and-engineering-system-profile.docx   In a previous email, I explained the rationale for adding the “engineering system” performance profile. The rationale for the property name changes is in Issue #159 , but I reproduce it here for your convenience:   … [W]e now understand the distinction between globally unique "instance identifiers" (like the identifier that uniquely identifies the reporting of a result in a specific run) and "logical identifiers" (like the identifier that tells you that this is the x86 variant of the nightly security tools run). We want to define the "instance identifiers" as GUIDs, we want to define the logical identifiers as "hierarchical strings", and we want the property names to make that distinction explicit to the reader of the log file. ... run.id  ?  run.instanceGuid run.stableId  ?  run.logicalId run.baselineId  ?  run.baselineInstanceGuid run.automationId  ?  run.automationLogicalId result.id  ?  result.instanceGuid Add  result.correlationGuid  (we'd previously thought of calling it  correlationId ). NOTE: We will add this property when we implement  #158 .   Thanks, Larry