Provide SARIF Output ?

[nvuillam]

Hi, is it in the roadmap to make shellcheck provide SARIF output ? (SARIF is the OASIS common format for all analysis tools )

It would help improve its integration within MegaLinter :)

Best regards

[koalaman]

This format appears to be very specific to GitHub and highly over-engineered, so it's not currently in a state where I'd want to support it upstream. This issue can be left open in case that changes though.

[nvuillam]

Thanks for your response It seems it really is becoming the standard output for all type of linters, not just for GitHub stuff ^^

Thanks for letting it open in case someone would like to make a PR :)

[nishwalshetty]

@koalaman i am also looking forward for SARIF support from shellcheck

[jamacku]

I would love to see native SARIF support in ShellCheck, but I also know how complex the format specification is.

Maybe something to note is that there are at least two GitHub actions that can output ShellCheck findings in SARIF format:

• differential-shellcheck
• codacy-analysis-cli-action

[dgutson]

SARIF is by large becoming a standard with a reach far beyond github. It is being used by lint aggregators and dashboards (eg we are adding SARIF support to CodeChecker).

[schewara]

This would still great to have, as in the last 2 years adoption of the SARIF format has not slowed down and having to deal with only one universal file format instead of hundred different tool specific output/report formats makes automated testing and reporting so much easier.