OASIS Static Analysis Results Interchange Format (SARIF) TC

  • 1.  Invitation to comment on Static Analysis Results Interchange Format (#SARIF) v2.0 - ends June 18th

    Posted 06-03-2019 21:41
    OASIS members and other interested parties, OASIS and the OASIS Static Analysis Results Interchange Format (SARIF) TC [1] are pleased to announce that Static Analysis Results Interchange Format (SARIF) Version 2.0 is now available for public review and comment. This is the second public review for SARIF v2.0. Software developers use a variety of tools to assess the quality of their programs. These tools can report results on qualities such as validity, security, performance, compliance with legal requirements, etc. To form an overall picture of program quality, developers often need to aggregate the results produced by all of these tools, a task made difficult when each tool produces output in a different format. SARIF defines a standard format for the output of static analysis tools in order to: Comprehensively capture the range of data produced by commonly used static analysis tools. Reduce the cost and complexity of aggregating the results of various analysis tools into common workflows. Represent analysis results for all kinds of programming artifacts, including source code and object code. The documents and related files are available here: Static Analysis Results Interchange Format (SARIF) Version 2.0 Committee Specification Draft 02 / Public Review Draft 02 27 May 2019 Editable source (Authoritative): https://docs.oasis-open.org/sarif/sarif/v2.0/csprd02/sarif-v2.0-csprd02.docx HTML: https://docs.oasis-open.org/sarif/sarif/v2.0/csprd02/sarif-v2.0-csprd02.html PDF: https://docs.oasis-open.org/sarif/sarif/v2.0/csprd02/sarif-v2.0-csprd02.pdf JSON schemas: https://docs.oasis-open.org/sarif/sarif/v2.0/csprd02/schemas/ For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at: https://docs.oasis-open.org/sarif/sarif/v2.0/csprd02/sarif-v2.0-csprd02.zip How to Provide Feedback OASIS and the SARIF TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of its technical work. The public review starts 04 June 2019 at 00:00 UTC and ends 18 June 2019 at 23:59 UTC. This specification was previously submitted for public review [2]. This 15-day review is limited in scope to changes made from the previous review. Changes are highlighted in red-lined file included in the package [3]. Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility which can be used by following the instructions on the TC's "Send A Comment" page ( https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=sarif ). Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at: https://lists.oasis-open.org/archives/sarif-comment/ All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review, we call your attention to the OASIS IPR Policy [4] applicable especially [5] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member's patent, copyright, trademark and license rights that read on an approved OASIS specification. OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC's work. Additional information about the specification and the SARIF TC can be found at the TC's public home page: https://www.oasis-open.org/committees/sarif/ ========== Additional references: [1] OASIS Static Analysis Results Interchange Format (SARIF) TC https://www.oasis-open.org/committees/sarif/ [2] Previous public review: - 30-day public review, 22 June 2018: https://lists.oasis-open.org/archives/sarif/201806/msg00083.html - Comment resolution log: https://docs.oasis-open.org/sarif/sarif/v2.0/csprd01/sarif-v2.0-csprd01-comment-resolution-log.txt [3] Red-lined version (PDF): https://docs.oasis-open.org/sarif/sarif/v2.0/csprd02/sarif-v2.0-csprd02-DIFF.pdf [4] https://www.oasis-open.org/who/intellectualproperty.php [5] https://www.oasis-open.org/committees/sarif/ipr.php https://www.oasis-open.org/policies-guidelines/ipr#RF-on-RAND-Mode RF on RAND Mode -- Paul Knight ... . Document Process Analyst ... mobile: +1 781-883-1783 OASIS - Advancing open standards for the information society


  • 2.  Re: Invitation to comment on Static Analysis Results Interchange Format (#SARIF) v2.0 - ends June 18th

    Posted 06-04-2019 18:29
    This public review of SARIF v2.0 csprd02 is being withdrawn, but will be
    replaced very shortly with a public review of SARIF v2.1.0 csprd01.

    Please submit any comments you may be preparing to the public review for
    SARIF v2.1.0 csprd01.

    On Mon, Jun 3, 2019 at 5:40 PM Paul Knight <paul.knight@oasis-open.org>
    wrote:

    > OASIS members and other interested parties,
    >
    > OASIS and the OASIS Static Analysis Results Interchange Format (SARIF) TC
    > [1] are pleased to announce that Static Analysis Results Interchange Format
    > (SARIF) Version 2.0 is now available for public review and comment. This is
    > the second public review for SARIF v2.0.
    >
    > Software developers use a variety of tools to assess the quality of their
    > programs. These tools can report results on qualities such as validity,
    > security, performance, compliance with legal requirements, etc. To form an
    > overall picture of program quality, developers often need to aggregate the
    > results produced by all of these tools, a task made difficult when each
    > tool produces output in a different format.
    >
    > SARIF defines a standard format for the output of static analysis tools in
    > order to:
    > · Comprehensively capture the range of data produced by commonly used
    > static analysis tools.
    > · Reduce the cost and complexity of aggregating the results of various
    > analysis tools into common workflows.
    > · Represent analysis results for all kinds of programming artifacts,
    > including source code and object code.
    >
    > The documents and related files are available here:
    >
    > Static Analysis Results Interchange Format (SARIF) Version 2.0
    > Committee Specification Draft 02 / Public Review Draft 02
    > 27 May 2019
    >
    > Editable source (Authoritative):
    >
    > https://docs.oasis-open.org/sarif/sarif/v2.0/csprd02/sarif-v2.0-csprd02.docx
    >
    > HTML:
    >
    > https://docs.oasis-open.org/sarif/sarif/v2.0/csprd02/sarif-v2.0-csprd02.html
    >
    > PDF:
    > https://docs.oasis-open.org/sarif/sarif/v2.0/csprd02/sarif-v2.0-csprd02.pdf
    >
    > JSON schemas:
    > https://docs.oasis-open.org/sarif/sarif/v2.0/csprd02/schemas/
    >
    > For your convenience, OASIS provides a complete package of the
    > specification document and any related files in ZIP distribution files. You
    > can download the ZIP file at:
    >
    > https://docs.oasis-open.org/sarif/sarif/v2.0/csprd02/sarif-v2.0-csprd02.zip
    >
    > How to Provide Feedback
    >
    > OASIS and the SARIF TC value your feedback. We solicit input from
    > developers, users and others, whether OASIS members or not, for the sake of
    > improving the interoperability and quality of its technical work.
    >
    > The public review starts 04 June 2019 at 00:00 UTC and ends 18 June 2019
    > at 23:59 UTC.
    >
    > This specification was previously submitted for public review [2]. This
    > 15-day review is limited in scope to changes made from the previous review.
    > Changes are highlighted in red-lined file included in the package [3].
    >
    > Comments may be submitted to the TC by any person through the use of the
    > OASIS TC Comment Facility which can be used by following the instructions
    > on the TC's "Send A Comment" page (
    > https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=sarif).
    >
    > Comments submitted by TC non-members for this work and for other work of
    > this TC are publicly archived and can be viewed at:
    > https://lists.oasis-open.org/archives/sarif-comment/
    >
    > All comments submitted to OASIS are subject to the OASIS Feedback License,
    > which ensures that the feedback you provide carries the same obligations at
    > least as the obligations of the TC members. In connection with this public
    > review, we call your attention to the OASIS IPR Policy [4] applicable
    > especially [5] to the work of this technical committee. All members of the
    > TC should be familiar with this document, which may create obligations
    > regarding the disclosure and availability of a member's patent, copyright,
    > trademark and license rights that read on an approved OASIS specification.
    >
    > OASIS invites any persons who know of any such claims to disclose these if
    > they may be essential to the implementation of the above specification, so
    > that notice of them may be posted to the notice page for this TC's work.
    >
    > Additional information about the specification and the SARIF TC can be
    > found at the TC's public home page:
    > https://www.oasis-open.org/committees/sarif/
    >
    > ========== Additional references:
    > [1] OASIS Static Analysis Results Interchange Format (SARIF) TC
    > https://www.oasis-open.org/committees/sarif/
    >
    > [2] Previous public review:
    > - 30-day public review, 22 June 2018:
    > https://lists.oasis-open.org/archives/sarif/201806/msg00083.html
    > - Comment resolution log:
    >
    > https://docs.oasis-open.org/sarif/sarif/v2.0/csprd01/sarif-v2.0-csprd01-comment-resolution-log.txt
    >
    > [3] Red-lined version (PDF):
    >
    > https://docs.oasis-open.org/sarif/sarif/v2.0/csprd02/sarif-v2.0-csprd02-DIFF.pdf
    >
    > [4] https://www.oasis-open.org/who/intellectualproperty.php
    >
    > [5] https://www.oasis-open.org/committees/sarif/ipr.php
    > https://www.oasis-open.org/policies-guidelines/ipr#RF-on-RAND-Mode
    > RF on RAND Mode
    > --
    > Paul Knight <paul.knight@oasis-open.org>....Document Process Analyst
    > <https://www.oasis-open.org/people/staff/paul-knight>...mobile: +1
    > 781-883-1783
    > OASIS <https://www.oasis-open.org/> - Advancing open standards for the
    > information society
    >


    --
    Paul Knight <paul.knight@oasis-open.org>....Document Process Analyst
    <https://www.oasis-open.org/people/staff/paul-knight>...mobile: +1
    781-883-1783
    OASIS <https://www.oasis-open.org/> - Advancing open standards for the
    information society



  • 3.  Re: Invitation to comment on Static Analysis Results Interchange Format (#SARIF) v2.0 - ends June 18th

    Posted 06-04-2019 18:29
    This public review of SARIF v2.0 csprd02 is being withdrawn, but will be replaced very shortly with a public review of SARIF v2.1.0 csprd01. Please submit any comments you may be preparing to the public review for SARIF v2.1.0 csprd01. On Mon, Jun 3, 2019 at 5:40 PM Paul Knight < paul.knight@oasis-open.org > wrote: OASIS members and other interested parties, OASIS and the OASIS Static Analysis Results Interchange Format (SARIF) TC [1] are pleased to announce that Static Analysis Results Interchange Format (SARIF) Version 2.0 is now available for public review and comment. This is the second public review for SARIF v2.0. Software developers use a variety of tools to assess the quality of their programs. These tools can report results on qualities such as validity, security, performance, compliance with legal requirements, etc. To form an overall picture of program quality, developers often need to aggregate the results produced by all of these tools, a task made difficult when each tool produces output in a different format. SARIF defines a standard format for the output of static analysis tools in order to: Comprehensively capture the range of data produced by commonly used static analysis tools. Reduce the cost and complexity of aggregating the results of various analysis tools into common workflows. Represent analysis results for all kinds of programming artifacts, including source code and object code. The documents and related files are available here: Static Analysis Results Interchange Format (SARIF) Version 2.0 Committee Specification Draft 02 / Public Review Draft 02 27 May 2019 Editable source (Authoritative): https://docs.oasis-open.org/sarif/sarif/v2.0/csprd02/sarif-v2.0-csprd02.docx HTML: https://docs.oasis-open.org/sarif/sarif/v2.0/csprd02/sarif-v2.0-csprd02.html PDF: https://docs.oasis-open.org/sarif/sarif/v2.0/csprd02/sarif-v2.0-csprd02.pdf JSON schemas: https://docs.oasis-open.org/sarif/sarif/v2.0/csprd02/schemas/ For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at: https://docs.oasis-open.org/sarif/sarif/v2.0/csprd02/sarif-v2.0-csprd02.zip How to Provide Feedback OASIS and the SARIF TC value your feedback. We solicit input from developers, users and others, whether OASIS members or not, for the sake of improving the interoperability and quality of its technical work. The public review starts 04 June 2019 at 00:00 UTC and ends 18 June 2019 at 23:59 UTC. This specification was previously submitted for public review [2]. This 15-day review is limited in scope to changes made from the previous review. Changes are highlighted in red-lined file included in the package [3]. Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility which can be used by following the instructions on the TC's "Send A Comment" page ( https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=sarif ). Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at: https://lists.oasis-open.org/archives/sarif-comment/ All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review, we call your attention to the OASIS IPR Policy [4] applicable especially [5] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member's patent, copyright, trademark and license rights that read on an approved OASIS specification. OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC's work. Additional information about the specification and the SARIF TC can be found at the TC's public home page: https://www.oasis-open.org/committees/sarif/ ========== Additional references: [1] OASIS Static Analysis Results Interchange Format (SARIF) TC https://www.oasis-open.org/committees/sarif/ [2] Previous public review: - 30-day public review, 22 June 2018: https://lists.oasis-open.org/archives/sarif/201806/msg00083.html - Comment resolution log: https://docs.oasis-open.org/sarif/sarif/v2.0/csprd01/sarif-v2.0-csprd01-comment-resolution-log.txt [3] Red-lined version (PDF): https://docs.oasis-open.org/sarif/sarif/v2.0/csprd02/sarif-v2.0-csprd02-DIFF.pdf [4] https://www.oasis-open.org/who/intellectualproperty.php [5] https://www.oasis-open.org/committees/sarif/ipr.php https://www.oasis-open.org/policies-guidelines/ipr#RF-on-RAND-Mode RF on RAND Mode -- Paul Knight ... . Document Process Analyst ... mobile: +1 781-883-1783 OASIS - Advancing open standards for the information society -- Paul Knight ... . Document Process Analyst ... mobile: +1 781-883-1783 OASIS - Advancing open standards for the information society