microsoft / ApplicationInspector

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
MIT License

Add Code Flow Report when Present to Sarif Viewer Results #514

Open gfs opened 1 year ago

gfs commented 1 year ago

Application Inspector does not generate code flow results, but CodeQL does. The Sarif Viewer should support viewing code flow results when they are present.

gfs commented 1 year ago

https://docs.oasis-open.org/sarif/sarif/v2.1.0/csprd01/sarif-v2.1.0-csprd01.html

See Code Flow/Thread Flow
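As an added illustration (not part of the issue thread and not Application Inspector or viewer code), this sketch walks the SARIF 2.1.0 `codeFlows` / `threadFlows` / `locations` properties of each result and renders the steps only when they are present. The sample log, rule IDs, file paths and function names are constructed for the example.

```python
# Constructed SARIF 2.1.0 log: EX001 carries a code flow (as a CodeQL result
# can); EX002 has none (as with Application Inspector output).
def _step(uri, line, text, **extra):
    return {"location": {"physicalLocation": {"artifactLocation": {"uri": uri},
                                              "region": {"startLine": line}},
                         "message": {"text": text}}, **extra}

SAMPLE = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "ExampleTool"}},
    "results": [
        {"ruleId": "EX001", "message": {"text": "tainted value reaches sink"},
         "codeFlows": [{"threadFlows": [{"locations": [
             _step("src/app.py", 10, "source"),
             _step("src/db.py", 42, "sink", nestingLevel=1)]}]}]},
        {"ruleId": "EX002", "message": {"text": "feature match only"}},
    ]}]}

def describe_step(tfl):
    """Flatten one threadFlowLocation; every nested property is optional."""
    loc = tfl.get("location") or {}
    phys = loc.get("physicalLocation") or {}
    return {
        "uri": (phys.get("artifactLocation") or {}).get("uri", "<unknown>"),
        "line": (phys.get("region") or {}).get("startLine"),
        "message": (loc.get("message") or {}).get("text", ""),
        # Absent nestingLevel is shown as 0 (a display choice of this example).
        "nesting": tfl.get("nestingLevel") or 0,
    }

def iter_code_flows(sarif_log):
    """Yield (ruleId, steps) per threadFlow; results without codeFlows are skipped."""
    for run in sarif_log.get("runs") or []:
        for result in run.get("results") or []:
            for code_flow in result.get("codeFlows") or []:
                for thread_flow in code_flow.get("threadFlows") or []:
                    steps = [describe_step(t) for t in thread_flow.get("locations") or []]
                    yield result.get("ruleId"), steps

def render(sarif_log):
    """Return display lines, indenting each step by its nesting level."""
    lines = []
    for rule_id, steps in iter_code_flows(sarif_log):
        lines.append(f"{rule_id}: {len(steps)} step(s)")
        for n, s in enumerate(steps, 1):
            indent = "  " * (s["nesting"] + 1)
            lines.append(f"{indent}{n}. {s['uri']}:{s['line']} {s['message']}".rstrip())
    return lines

if __name__ == "__main__":
    print("\n".join(render(SAMPLE)))
```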

gfs commented 1 year ago

Reopened due to feedback.