doyensec / electronegativity

Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron applications.
Apache License 2.0
972 stars, 66 forks

Export to SARIF format added #15

Closed JarLob closed 6 years ago

JarLob commented 6 years ago

The issue was already raised in #4: the console window is inconvenient for the reviewer, because they have to copy/paste the path and find the line number to verify the warning.

SARIF (Static Analysis Results Interchange Format) allows importing the results into a compatible application for review. There are extensions for Visual Studio Code and Visual Studio, for example.

An example of how it looks in Visual Studio Code:

[screenshot: SARIF results from electronegativity shown in Visual Studio Code]

  1. Open the SARIF file (File -> Open).
  2. In the Problems window at the bottom, filter by 'electronegativity'.
  3. Click on the problem: the file is automatically opened with the issue highlighted. You can walk between problems without a mouse using the up/down keys. Issues that require manual analysis are displayed as warnings, and as errors otherwise. Additional information is displayed in the Sarif Explorer on the right. The link to the GitHub wiki is clickable to read more about the issue.

ikkisoft commented 6 years ago

This is a pretty cool feature! thanks!!!

0xibram commented 6 years ago

great work on this!