OASIS Static Analysis Results Interchange Format (SARIF) TC

short-term goals for the SARIF TC

    Posted 05-27-2021 15:50
    Everyone, see below for a proposal for SARIF TC goals/execution in the short-term. We’ll discuss later today.

    MCF

    * Document, publish and maintain current state of SARIF eco-system, including list of direct exporters, SDKs, viewers, aggregators and other relevant support.
    * Complete a recruitment effort to acquire new TC representation. Use this effort as an opportunity as well to educate/solicit new SARIF adoption. Primary outreach should include commercial tooling/other industry partners, government departments and government-funded tooling/standards initiatives, and OSS tool owners. Secondary outreach could include OSS/component-governance and dynamic analysis tool providers.
    * Initiate a SARIF 2.1.1 design effort. Build a detailed punch-list of errata/smaller design issues in SARIF and set aside to start working through them.
    * Propose/implement strategic SARIF initiatives directly supported by the TC. These currently include:
      - Author/publish/maintain SARIF-rendered taxonomies
      - Author missing GitHub actions that support SARIF ingestion to GHAS.
    * Discuss/agree on substantive next-steps/long-term roadmap for the standard. E.g., metrics? results management? dynamic analysis, etc.