diffblue / cbmc

C Bounded Model Checker
https://diffblue.github.io/cbmc

Feature Request : Add `--sarif-ui` option to support SARIF-Formatted Output #6851

Open FlorianBarrau opened 2 years ago

FlorianBarrau commented 2 years ago

I suggest adding support for the Static Analysis Results Interchange Format (SARIF) by adding an option `--sarif-ui` to the command line. It would be an extension of the existing `--json-ui` option. It would be great if you could add this.

Thank you :)

tautschnig commented 2 years ago

Thank you very much for your suggestion. Patches are always welcome, so feel free to contribute. If you'd like to see this implemented and don't have the time to contribute a patch yourself, then could you please elaborate on your request by providing a detailed use case? In absence thereof it would be hard to come up with a test that confirms that the feature works in line with your expectations.

martin-cs commented 2 years ago

@FlorianBarrau SARIF would be great but as @tautschnig says, if there were one or more users or system integrators who would use this it would make it much easier to test and provide extra motivation to implement it.

FlorianBarrau commented 2 years ago

@tautschnig @martin-cs Thank you for your feedback. I understand the point. I had requested this feature because GitHub claims to support SARIF through CodeQL, as shown in this post. Maybe I can add some suggestions:

  1. A first quick try would be to transform the JSON output of cbmc (using the `--json-ui` option) to provide something that looks like SARIF. There is no big difference. At least we've been able to output something, but we do not know whether it works well with CodeQL. We did an offline transformation, but I am not sure I am authorized to share the scripts here.
  2. If it is hard to find users for this, maybe you could add it for yourself for your own development, as the repository is already on GitHub, and GitHub seems to support SARIF through CodeQL. It would be a good starting point in my opinion. Up to you to evaluate.

HTH, Florian

kdudka commented 2 years ago

We have introduced support for the SARIF format in csdiff. So one can pipe the output of formatCBMCOutput.py from cbmc-utils into csgrep --mode=sarif and upload its output to a GitHub pull request. @jamacku was recently successful in using csgrep for producing SARIF in his differential-shellcheck GitHub action.
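The offline transformation Florian describes in his first suggestion (take the `--json-ui` array and reshape it into SARIF) and the csgrep pipeline kdudka mentions both end in a SARIF 2.1.0 log that GitHub can ingest. The script below is an added example of that transformation, written for this thread; it is not code from CBMC, cbmc-utils or csdiff. The input is a constructed sample whose field names (`result`, `description`, `property`, `status`, `sourceLocation`, `cProverStatus`) are assumed to follow CBMC's `--json-ui` layout; check them against the output of your own CBMC version before relying on the mapping. Only failed properties become SARIF results by default, since those are what a code-scanning upload should surface; passing checks can be included as `kind: pass` results.

```python
"""Convert CBMC --json-ui output into a SARIF 2.1.0 document.

Added example for this issue thread, not CBMC's or csdiff's code.
The input shape is assumed from CBMC's --json-ui format: a JSON array
whose elements are status messages, a "result" list, and a trailing
"cProverStatus". The sample below is constructed, not real CBMC output.
"""
from __future__ import annotations

import json
from typing import Any

# Constructed sample in the assumed CBMC --json-ui shape (not a real run).
SAMPLE_CBMC_JSON = json.dumps([
    {"program": "CBMC"},
    {"messageType": "STATUS-MESSAGE", "messageText": "Starting Bounded Model Checking"},
    {"result": [
        {"description": "array 'buf' upper bound in buf[i]",
         "property": "main.array_bounds.1",
         "status": "FAILURE",
         "sourceLocation": {"file": "src/main.c", "function": "main", "line": "12"}},
        {"description": "assertion len <= 16",
         "property": "main.assertion.1",
         "status": "SUCCESS",
         "sourceLocation": {"file": "src/main.c", "function": "main", "line": "15"}},
    ]},
    {"cProverStatus": "failure"},
])

SARIF_SCHEMA = "https://json.schemastore.org/sarif-2.1.0.json"


def _rule_id(prop: str) -> str:
    """Map a CBMC property name such as 'main.array_bounds.1' to a stable rule id.

    The middle component names the property class; the function prefix and the
    per-function counter are dropped so all bounds failures share one SARIF rule.
    """
    parts = prop.split(".")
    return parts[1] if len(parts) >= 3 else prop


def cbmc_results(cbmc_json: str) -> list[dict[str, Any]]:
    """Collect the 'result' entries from the CBMC JSON array, skipping status messages."""
    results: list[dict[str, Any]] = []
    for entry in json.loads(cbmc_json):
        if isinstance(entry, dict) and "result" in entry:
            results.extend(entry["result"])
    return results


def to_sarif(cbmc_json: str, include_passing: bool = False) -> dict[str, Any]:
    """Build a SARIF 2.1.0 log; by default only FAILURE properties become results."""
    results: list[dict[str, Any]] = []
    rules: dict[str, dict[str, Any]] = {}
    for r in cbmc_results(cbmc_json):
        failed = r.get("status") == "FAILURE"
        if not failed and not include_passing:
            continue
        rid = _rule_id(r["property"])
        rules.setdefault(rid, {"id": rid, "shortDescription": {"text": f"CBMC {rid} check"}})
        result: dict[str, Any] = {
            "ruleId": rid,
            "kind": "fail" if failed else "pass",
            "level": "error" if failed else "none",
            "message": {"text": f'{r["description"]} ({r["property"]})'},
        }
        loc = r.get("sourceLocation", {})
        if "file" in loc:
            physical: dict[str, Any] = {"artifactLocation": {"uri": loc["file"]}}
            if "line" in loc:
                # CBMC reports the line as a string; SARIF wants an integer.
                physical["region"] = {"startLine": int(loc["line"])}
            result["locations"] = [{"physicalLocation": physical}]
        results.append(result)
    return {
        "$schema": SARIF_SCHEMA,
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": "cbmc", "rules": list(rules.values())}},
            "results": results,
        }],
    }


if __name__ == "__main__":
    # Usage: cbmc --json-ui ... > out.json && python cbmc_to_sarif.py < out.json
    import sys
    source = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_CBMC_JSON
    print(json.dumps(to_sarif(source), indent=2))
```

The rule table is derived from the property class rather than the full property name, so a GitHub code-scanning view groups all `array_bounds` or `assertion` findings under one rule instead of one rule per function and counter. Paths are emitted exactly as CBMC reports them; if CBMC was run from a subdirectory, rewrite `uri` relative to the repository root before uploading, or the annotations will not attach to files.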