OASIS Static Analysis Results Interchange Format (SARIF) TC

  • 1.  Groups - Agenda for May 25, 2023 uploaded

    Posted 05-20-2023 01:34
    Document Name: Agenda for May 25, 2023
    No description provided.
    Submitter: David Keaton
    Group: OASIS Static Analysis Results Interchange Format (SARIF) TC
    Folder: Meeting Notes
    Date submitted: 2023-05-19 18:34:01


  • 2.  Re: [sarif] Groups - Agenda for May 25, 2023 uploaded

    Posted 05-25-2023 01:36
    On Sat, 2023-05-20 at 01:34 +0000, David Keaton wrote:
    > -----------------
    > Document Name: Agenda for May 25, 2023
    > Description
    > No description provided.
    > View Details:
    > https://www.oasis-open.org/apps/org/workgroup/sarif/document.php?document_id=71048
    > Download Latest Revision:
    > https://www.oasis-open.org/apps/org/workgroup/sarif/download.php/71048/latest/agenda_20230525.html
    > Public Download Link:
    > https://www.oasis-open.org/committees/document.php?document_id=71048&wg_abbrev=sarif
    > -----------------
    > Submitter: David Keaton
    >
    > Group: OASIS Static Analysis Results Interchange Format (SARIF) TC
    > Folder: Meeting Notes
    > Date submitted: 2023-05-19 18:34:01

    I have a couple of issues I'd like to discuss, either here or at the meeting:

    (A) "Which goes first - "version" or "$schema"?"
    https://github.com/oasis-tcs/sarif-spec/issues/571

    "3.13.2 version property" says: "Although the order in which properties appear in a JSON object value is not semantically significant, the version property SHOULD appear first."

    However, in two of the three examples that have a "$schema", the $schema appears before the "version". Am I right in thinking that these examples should be changed so that the "version" appears before the "$schema"? FWIW the current errata doesn't fix this. Or does it not matter? In my GCC SARIF generation code I have the "$schema" before the "version" (I was copying one of the examples, I think).

    (B) "Please clarify the licensing of the SARIF schema files #583 "
    https://github.com/oasis-tcs/sarif-spec/issues/583

    Is it possible/necessary to add a LICENSE.md e.g. to https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/schemas/ to clarify the terms under which the schema files are available, as I would like to redistribute the schema files. Or is there an explicit licensing statement somewhere that I missed?

    Thanks
    Dave


  • 3.  Re: [sarif] Groups - Agenda for May 25, 2023 uploaded

    Posted 05-25-2023 02:31
    This is another item we should include in our discussion during the meeting. Handling these together will ensure we come out with one version of the errata and schema that everyone agrees with.

    David

    On 2023-05-24 19:35, David Malcolm wrote:
    > (A) "Which goes first - "version" or "$schema"?"
    > https://github.com/oasis-tcs/sarif-spec/issues/571
    >
    > "3.13.2 version property" says: "Although the order in which properties appear in a JSON object value is not semantically significant, the version property SHOULD appear first."
    >
    > However, in two of the three examples that have a "$schema", the $schema appears before the "version". Am I right in thinking that these examples should be changed so that the "version" appears before the "$schema"? FWIW the current errata doesn't fix this. Or does it not matter? In my GCC SARIF generation code I have the "$schema" before the "version" (I was copying one of the examples, I think)


  • 4.  Re: [sarif] Groups - Agenda for May 25, 2023 uploaded

    Posted 05-25-2023 02:32
    On 2023-05-24 19:35, David Malcolm wrote:
    > (B) "Please clarify the licensing of the SARIF schema files #583 "
    > https://github.com/oasis-tcs/sarif-spec/issues/583
    >
    > Is it possible/necessary to add a LICENSE.md e.g. to https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/schemas/ to clarify the terms under which the schema files are available, as I would like to redistribute the schema files. Or is there an explicit licensing statement somewhere that I missed?

    I have a query into OASIS to find the best way to handle this.

    David