OASIS Static Analysis Results Interchange Format (SARIF) TC

  • 1.  RE: [sarif] RE: your thoughts on DARIF

    Posted 07-24-2019 22:41
    There are two questions: - Is DARIF a separate standard? Jim suggests we explore that idea ("I think we should first look at enhancing SARIF, but allow for the possibility of producing a separate DARIF.") It might or might not end up being separate. - _If_ DARIF is a separate standard, do we refactor the DARIF/SARIF commonality into a BARIF? I do think that would be a good thing -- but again, only if DARIF is a separate standard from SARIF, which is TBD.


  • 2.  RE: [sarif] RE: your thoughts on DARIF

    Posted 07-25-2019 05:02
    Well, as I said earlier, I vote for DARIF being a separate standard, and thus refactoring SARIF/DARIF commonality into a BARIF k


  • 3.  Re: [sarif] RE: your thoughts on DARIF

    Posted 07-26-2019 18:11
    I'm in broad agreement with Jim. I'd prefer to have as few standards as possible (I'm already confused about [SDBPM]ARIF), so we should try hard to make SARIF fit before introducing something new. I'm very interested to hear what dynamic analysis properties could not be made to fit SARIF other than the few we've already mentioned. -Paul On 7/25/2019 1:00 AM, Yekaterina O'Neil wrote: Well, as I said earlier, I vote for DARIF being a separate standard, and thus refactoring SARIF/DARIF commonality into a BARIF k