Yelp / detect-secrets

An enterprise friendly way of detecting and preventing secrets in code.
Apache License 2.0

SARIF file support #488

Open DariuszPorowski opened 3 years ago

DariuszPorowski commented 3 years ago

It will be nice to have SARIF file support as the output of the scan. I do not mean changing the current JSON output generated but adding a flag that would also create a SARIF file with results.

SARIF is an OASIS Standard and is good to display results from static analysis tools. For example, GitHub uses it: SARIF support for code scanning. Several other commonly used solutions present the SARIF data nicely and are used by various CI / CD tools.
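The conversion the request above asks for, shown as an added example that is not part of detect-secrets and not code from either commenter: it reads a detect-secrets baseline (the real `results` layout of `type`, `filename`, `hashed_secret`, `is_verified`, `line_number`) and emits a minimal SARIF 2.1.0 log with a `tool.driver.rules` entry per detector type and one `result` per finding. The `DS-` rule-id scheme, the `is_verified` to `error`/`warning` severity mapping and the sample baseline are assumptions made for this example; it builds the SARIF dictionary directly rather than through `microsoft/sarif-python-om`. Because the baseline only carries the hash of each secret, the SARIF output never contains the plaintext secret either.

```python
"""Convert a detect-secrets baseline (JSON) into a SARIF 2.1.0 log.

Added example for the SARIF feature request; not detect-secrets' own code.
The finding layout mirrors detect-secrets' real baseline format; the
sample baseline at the bottom is constructed for this example.
"""
import json
import re
import sys
from typing import Any

# Published JSON schema for SARIF 2.1.0 (schemastore mirror of the OASIS schema).
SARIF_SCHEMA = "https://json.schemastore.org/sarif-2.1.0.json"
TOOL_URL = "https://github.com/Yelp/detect-secrets"


def rule_id_for(secret_type: str) -> str:
    """Turn a detector name such as 'Secret Keyword' into a stable rule id.

    The 'DS-' prefix and slug form are this example's convention, not
    something detect-secrets defines.
    """
    return "DS-" + re.sub(r"[^a-z0-9]+", "-", secret_type.lower()).strip("-")


def baseline_to_sarif(baseline: dict[str, Any]) -> dict[str, Any]:
    """Map a detect-secrets baseline dict to a SARIF 2.1.0 log dict."""
    rules: dict[str, dict[str, Any]] = {}
    results: list[dict[str, Any]] = []
    for filename, findings in sorted(baseline.get("results", {}).items()):
        for finding in findings:
            rule_id = rule_id_for(finding["type"])
            # One rule per detector type; SARIF consumers (e.g. GitHub code
            # scanning) expect every result's ruleId to be declared here.
            rules.setdefault(rule_id, {
                "id": rule_id,
                "name": finding["type"].replace(" ", ""),
                "shortDescription": {"text": f"{finding['type']} detected"},
            })
            results.append({
                "ruleId": rule_id,
                # Assumed mapping: a verified (live) secret is an error,
                # an unverified match is a warning.
                "level": "error" if finding.get("is_verified") else "warning",
                "message": {"text": f"{finding['type']} found in {filename}"},
                "locations": [{
                    "physicalLocation": {
                        "artifactLocation": {"uri": filename},
                        "region": {"startLine": finding["line_number"]},
                    }
                }],
                # hashed_secret is already a hash, so the log never carries
                # the plaintext; it also gives viewers a stable fingerprint.
                "partialFingerprints": {"hashedSecret/v1": finding["hashed_secret"]},
            })
    return {
        "$schema": SARIF_SCHEMA,
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {
                "name": "detect-secrets",
                "version": baseline.get("version", "unknown"),
                "informationUri": TOOL_URL,
                "rules": list(rules.values()),
            }},
            "results": results,
        }],
    }


# Constructed sample baseline (hashes are placeholders, not real digests).
SAMPLE_BASELINE: dict[str, Any] = {
    "version": "1.4.0",
    "plugins_used": [{"name": "AWSKeyDetector"}, {"name": "KeywordDetector"}],
    "results": {
        "src/config.py": [
            {"type": "Secret Keyword", "filename": "src/config.py",
             "hashed_secret": "0" * 40, "is_verified": False, "line_number": 12},
        ],
        "deploy/env.sh": [
            {"type": "AWS Access Key", "filename": "deploy/env.sh",
             "hashed_secret": "1" * 40, "is_verified": True, "line_number": 3},
        ],
    },
    "generated_at": "2021-01-01T00:00:00Z",
}


if __name__ == "__main__":
    # Usage: python this_script.py [.secrets.baseline] > results.sarif
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            baseline = json.load(fh)
    else:
        baseline = SAMPLE_BASELINE
    json.dump(baseline_to_sarif(baseline), sys.stdout, indent=2)
```

Run with no arguments it converts the embedded sample; given the path of a real `.secrets.baseline` it converts that instead. Keeping the log free of secret plaintext is the main design constraint: the message text names only the detector type and file, and the fingerprint reuses the hash detect-secrets already stores.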

lorenzodb1 commented 2 years ago

Hi @DariuszPorowski, thank you for bringing up this idea! We're having a hard time finding an easy way to convert our results to SARIF or even any more specific documentation on how we could use microsoft/sarif-python-om to achieve that. Since you're part of Microsoft, I assume you have some knowledge around SARIF, so would you be able to help us out in that sense? Or maybe even come up with a PR yourself?