OASIS Static Analysis Results Interchange Format (SARIF) TC

  • 1.  Static Analysis Results Interchange Format (SARIF) Version 2.1.0 OASIS Standard published

    Posted 04-08-2020 15:22
    OASIS Members and other interested parties, OASIS is pleased to announce the publication of its newest OASIS Standard, approved by the members on 27 March 2020: Static Analysis Results Interchange Format (SARIF) Version 2.1.0 OASIS Standard 27 March 2020 Software developers use a variety of tools to assess the quality of their programs. These tools can report results on qualities such as validity, security, performance, compliance with legal requirements, etc. To form an overall picture of program quality, developers often need to aggregate the results produced by all of these tools, a task made difficult when each tool produces output in a different format. SARIF defines a standard format for the output of static analysis tools in order to: - Comprehensively capture the range of data produced by commonly used static analysis tools. - Reduce the cost and complexity of aggregating the results of various analysis tools into common workflows. - Represent analysis results for all kinds of programming artifacts, including source code and object code. The specification and related files are available here: Editable source (Authoritative): https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.docx HTML: https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html PDF: https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.pdf JSON schemas: https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/schemas/ Distribution ZIP files For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here: https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.zip Our congratulations to the members of the SARIF TC on achieving this milestone. -- /chet ---------------- Chet Ensign Chief Technical Community Steward OASIS: Advancing open source & open standards for the information society http://www.oasis-open.org Mobile: +1 201-341-1393


  • 2.  Re: [sarif] Static Analysis Results Interchange Format (SARIF) Version 2.1.0 OASIS Standard published

    Posted 04-09-2020 00:13
    Thanks, Chet! It's celebration time! David On 4/8/20 7:26 AM, Chet Ensign wrote: OASIS Members and other interested parties, OASIS is pleased to announce the publication of its newest OASIS Standard, approved by the members on 27 March 2020: Static Analysis Results Interchange Format (SARIF) Version 2.1.0 OASIS Standard 27 March 2020 Software developers use a variety of tools to assess the quality of their programs. These tools can report results on qualities such as validity, security, performance, compliance with legal requirements, etc. To form an overall picture of program quality, developers often need to aggregate the results produced by all of these tools, a task made difficult when each tool produces output in a different format. SARIF defines a standard format for the output of static analysis tools in order to: - Comprehensively capture the range of data produced by commonly used static analysis tools. - Reduce the cost and complexity of aggregating the results of various analysis tools into common workflows. - Represent analysis results for all kinds of programming artifacts, including source code and object code. The specification and related files are available here: Editable source (Authoritative): https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.docx HTML: https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html PDF: https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.pdf JSON schemas: https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/schemas/ Distribution ZIP files For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here: https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.zip Our congratulations to the members of the SARIF TC on achieving this milestone. -- /chet ---------------- Chet Ensign Chief Technical Community Steward OASIS: Advancing open source & open standards for the information society http://www.oasis-open.org Mobile: +1 201-341-1393


  • 3.  RE: [EXTERNAL] Re: [sarif] Static Analysis Results Interchange Format (SARIF) Version 2.1.0 OASIS Standard published

    Posted 04-09-2020 15:22
    And thank you, David, for your years-long efforts in guiding us through the standards process. We were privileged to have someone with such broad experience and deep expertise as our mentor. Best regards, Larry


  • 4.  Re: [sarif] RE: [EXTERNAL] Re: [sarif] Static Analysis Results Interchange Format (SARIF) Version 2.1.0 OASIS Standard published

    Posted 04-09-2020 16:16
    Thanks, Larry! And thank you for your tireless work on the document and excellent wordsmithing. In fact, the whole TC deserves thanks for the many substantial contributions and for sticking with it. Even those whose jobs required them to leave were extremely helpful while they were able to be with us. Everybody pat yourselves on the back! David On 4/9/20 8:21 AM, Larry Golding (Myriad Consulting Inc) wrote: And thank you, David, for your years-long efforts in guiding us through the standards process. We were privileged to have someone with such broad experience and deep expertise as our mentor. Best regards, Larry


  • 5.  RE: [sarif] RE: [EXTERNAL] Re: [sarif] Static Analysis Results Interchange Format (SARIF) Version 2.1.0 OASIS Standard published

    Posted 04-16-2020 21:12
    Congratulations, everyone! Just an FYI, Microsoft will be entering a quiet period for the remainder of the fiscal year on the SARIF standard (meaning we won't be actively engaged in any standards-related work, though we'll have plenty of internal activity utilizing the standard). I have requested some standards funding that, if approved, will light up on July 1. I hope that folks on the TC will be open to looking at making contributions for future work then. We may tinker w/extensions to the standard or open a new initiative related to dynamic analysis. Will keep everyone apprised, Michael


  • 6.  Fwd: [sarif] RE: [EXTERNAL] Re: [sarif] Static Analysis Results Interchange Format (SARIF) Version 2.1.0 OASIS Standard published

    Posted 04-16-2020 21:28
    And I quote "... or open a new initiative related to dynamic analysis." SARIF was the 'not sure' reply to the survey. So it could go in a good direction... ---------- Forwarded message --------- From: Michael Fanning < Michael.Fanning@microsoft.com > Date: Thu, Apr 16, 2020 at 5:12 PM Subject: RE: [sarif] RE: [EXTERNAL] Re: [sarif] Static Analysis Results Interchange Format (SARIF) Version 2.1.0 OASIS Standard published To: David Keaton < dmk@dmk.com >, Larry Golding (Myriad Consulting Inc) < v-lgold@microsoft.com >, Chet Ensign < chet.ensign@oasis-open.org >, OASIS SARIF TC Discussion List < sarif@lists.oasis-open.org > Congratulations, everyone! Just an FYI, Microsoft will be entering a quiet period for the remainder of the fiscal year on the SARIF standard (meaning we won't be actively engaged in any standards-related work, though we'll have plenty of internal activity utilizing the standard). I have requested some standards funding that, if approved, will light up on July 1. I hope that folks on the TC will be open to looking at making contributions for future work then. We may tinker w/extensions to the standard or open a new initiative related to dynamic analysis. Will keep everyone apprised, Michael