OASIS Static Analysis Results Interchange Format (SARIF) TC

  • 1.  Updated Schedule

    Posted 07-15-2019 02:36
    At last week's meeting, I took an action item to update the dates in our delivery schedule. I have posted the following document, which contains the original explanations of each stage with an updated schedule at the end. https://www.oasis-open.org/committees/document.php?document_id=65622&wg_abbrev=sarif That document is very general. Below I list the more specific events and dates I used to determine the updated schedule. The actual actions might happen a little sooner or a little later than my assumed schedule, depending on how things go. Please note that it is a good idea to start preparing the Statements of Use now. You can update them with the proper document reference and dates when the Special Majority Vote for Committee Specification closes. David --- Committee Specification Special Majority Vote 2019-07-26 ~ 2019-08-02 Statements of Use: Get ready now, submit when SMV closes 2019-08-09 Ballot to request Candidate OASIS Standard SMV 2019-08-09 ~ 2019-08-16 Candidate OASIS Standard SMV 2019-08-30 ~ 2019-09-06 Candidate OASIS Standard 60-day public review 2019-09-06 ~ 2019-11-05 Ballot to approve non-material changes due to review comments and request SMV to proceed with Call for Consent 2019-11-12 ~ 2019-11-19 SMV to begin Call for Consent for OASIS Standard 2019-11-20 ~ 2019-11-27 Call for Consent for OASIS Standard 2019-12-02 ~ 2019-12-16 OASIS Standard 2019-12-16


  • 2.  RE: [sarif] Updated Schedule

    Posted 07-15-2019 18:30
    Thank you, David! I do have a couple of questions about statement of use (I might have missed earlier discussions of these): - does everyone on the TC need to submit statement of use? - what happens if we don't currently use the standard, but are planning in the future? - what is the format of the document? Is there a template? Thank you! k


  • 3.  Re: [sarif] Updated Schedule

    Posted 07-15-2019 19:48
      |   view attached
    Katrina, Only three Statements of Use are needed. One of them has to be from an OASIS organizational member. Microsoft will submit one, and they are an organizational member, so we are covered there. The Statements of Use will be available for inspection by the TC, so I can share the attached as an example. It turns out that we will need to reference the Committee Specification instead of the CSD, but Jim did a great job putting everything that is required into it. For complete detail on what needs to be in a Statement of Use, the following definition explains it well. https://www.oasis-open.org/policies-guidelines/oasis-defined-terms-2018-05-22#dStatementUse David On 7/15/19 11:29 AM, Yekaterina O'Neil wrote: Thank you, David! I do have a couple of questions about statement of use (I might have missed earlier discussions of these): - does everyone on the TC need to submit statement of use? - what happens if we don't currently use the standard, but are planning in the future? - what is the format of the document? Is there a template? Thank you! k

    Attachment(s)

    pdf
    SWAMP_SARIF_SOU_May2019.pdf   348 KB 1 version


  • 4.  Re: [sarif] Updated Schedule

    Posted 07-15-2019 19:50
    Katrina, Sorry, I just realized that I didn't answer your second question. The Statements of Use are only for organizations that currently use the standard. We need to have three of those total. An organization that does not yet use the standard will not submit a Statement of Use. David On 7/15/19 12:48 PM, David Keaton wrote: Katrina, Only three Statements of Use are needed. One of them has to be from an OASIS organizational member. Microsoft will submit one, and they are an organizational member, so we are covered there. The Statements of Use will be available for inspection by the TC, so I can share the attached as an example. It turns out that we will need to reference the Committee Specification instead of the CSD, but Jim did a great job putting everything that is required into it. For complete detail on what needs to be in a Statement of Use, the following definition explains it well. https://www.oasis-open.org/policies-guidelines/oasis-defined-terms-2018-05-22#dStatementUse David On 7/15/19 11:29 AM, Yekaterina O'Neil wrote: Thank you, David! I do have a couple of questions about statement of use (I might have missed earlier discussions of these): - does everyone on the TC need to submit statement of use? - what happens if we don't currently use the standard, but are planning in the future? - what is the format of the document? Is there a template? Thank you! k


  • 5.  RE: [sarif] Updated Schedule

    Posted 07-15-2019 20:37
    David, Is submission of results in SARIF format to SATE treated as a use? k


  • 6.  Re: [sarif] Updated Schedule

    Posted 07-15-2019 20:45
    Katrina, Yes, if you produce conforming SARIF files, that means that you at least conform to the SARIF log file and SARIF producer conformance clauses. David On 7/15/19 1:36 PM, Yekaterina O'Neil wrote: David, Is submission of results in SARIF format to SATE treated as a use? k


  • 7.  RE: [sarif] Updated Schedule

    Posted 07-15-2019 20:47
    We use Microsoft converter though k


  • 8.  Re: [sarif] Updated Schedule

    Posted 07-15-2019 20:49
    Oh, then Microsoft conforms. :-) You would only submit a Statement of Use if your own software conforms to one or more of the conformance clauses. David On 7/15/19 1:47 PM, Yekaterina O'Neil wrote: We use Microsoft converter though k


  • 9.  RE: [sarif] Updated Schedule

    Posted 07-15-2019 20:51
    Got it, thank you :) k