microsoft / sarif-sdk

.NET code and supporting files for working with the 'Static Analysis Results Interchange Format' (SARIF, see https://github.com/oasis-tcs/sarif-spec)

[FEATURE] - use hyperlinks for rule names in sarif report #2545

Open ncook-hxgn opened 1 year ago

ncook-hxgn commented 1 year ago

I recently have been integrating both CppCheck and PVS-Studio into Azure DevOps Pipelines.

For CppCheck, I am using the Sarif.Multitool to generate sarif reports from cppcheck xml results files. I can publish these and see them in the Scans tab. Excellent.

For PVS-Studio, I am using their bundled PlogConverter.exe to generate sarif reports, and I am able to publish and view these in the same manner as the CppCheck results - awesome!

However, the output of the PlogConverter is richer. The rule names are hyperlinks that link to PVS docs about the error or warning raised: [image]

This is excellent for user experience. Developers can quickly seek information and examples of how warnings are generated and how to address them.

It would be excellent if the Sarif.Multitool did the same thing for e.g. CppCheck results. It looks like all the information required to do this is available(?), but I can't actually click that link, and when I highlight it for copy-and-paste into my browser, trying to visit the link results in an error 404 (e.g. don't use c-style casts): [image]

Further, if you wanted some inspiration, PlogConverter is open source and the code is available here on GitHub

ncook-hxgn commented 1 year ago

(FWIW, the 404 from the link may be a CppCheck issue, in fact all of this may be a CppCheck feature request.)
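
An added example, not part of the issue thread or of the sarif-sdk code: SARIF 2.1.0 lets each rule descriptor under `runs[].tool.driver.rules[]` carry a `helpUri`, and this sketch assumes the viewer builds the rule-name link from that property. It fills in `helpUri` as a pipeline post-processing step and replaces any value that is not an absolute http(s) URL; the URL template, the sample log and the function names are constructed placeholders.

```python
import json
from urllib.parse import quote, urlsplit

# Placeholder documentation base: the page gives no working CppCheck docs URL.
HELP_URI_TEMPLATE = "https://docs.example.invalid/cppcheck/{rule_id}"

# Constructed sample: a minimal SARIF 2.1.0 log such as a converter might emit.
SAMPLE = json.loads("""
{"version": "2.1.0", "runs": [{
  "tool": {"driver": {"name": "CppCheck", "rules": [
    {"id": "cstyleCast"},
    {"id": "nullPointer", "helpUri": "javascript:void(0)"}
  ]}},
  "results": [
    {"ruleId": "cstyleCast", "message": {"text": "C-style pointer casting"}},
    {"ruleId": "uninitvar", "message": {"text": "Uninitialized variable: x"}}
  ]}]}
""")

def is_safe_link(uri):
    """Accept only absolute http(s) URLs, since a viewer renders this as a link."""
    parts = urlsplit(uri or "")
    return parts.scheme in ("http", "https") and bool(parts.netloc)

def add_help_uris(log, template=HELP_URI_TEMPLATE):
    """Give every rule a usable helpUri; return the ids that were changed."""
    changed = []
    for run in log.get("runs", []):
        driver = run.setdefault("tool", {}).setdefault("driver", {})
        rules = driver.setdefault("rules", [])
        by_id = {r.get("id"): r for r in rules}
        # Results may name rules that have no descriptor yet; create one.
        for result in run.get("results", []):
            rule_id = result.get("ruleId")
            if rule_id and rule_id not in by_id:
                by_id[rule_id] = {"id": rule_id}
                rules.append(by_id[rule_id])
        # Missing or unsafe links are replaced; valid ones are left untouched.
        for rule in rules:
            if "id" in rule and not is_safe_link(rule.get("helpUri")):
                rule["helpUri"] = template.format(rule_id=quote(rule["id"], safe=""))
                changed.append(rule["id"])
    return changed

if __name__ == "__main__":
    print(add_help_uris(SAMPLE))
    print(json.dumps(SAMPLE["runs"][0]["tool"]["driver"]["rules"], indent=2))
```
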