Currently, to load a SARIF report into the extension and see the resulting problems, users must manually open the report file. This approach makes the extension less useful within an automated workflow. For example, a user might run a tool like Watchexec to execute static analysis tools in response to source code changes. Those static analysis tools could output their SARIF reports into a predefined directory.
Therefore, I would like to request a new feature whereby the extension can watch a directory (configurable) for writes to *.sarif files. In response to those writes, the extension would automatically load the problems from all the changed SARIF reports in the watched directory (1) without having to open the report JSON contents in the editor and (2) without having to open the SARIF Results View (configurable).
The end-to-end workflow might look like the following:
User creates the .reports directory.
User configures the extension to watch the .reports directory for writes to *.sarif files.
User runs Watchexec (or an equivalent tool) to execute static analysis tools on source code changes.
User opens, edits, and saves source code files.
Watchexec (or an equivalent tool) executes static analysis tools in response to the source code changes.
Static analysis tools output their SARIF reports into the .reports directory.
Extension loads the problems from all the *.sarif files that changed in the .reports directory.
If configured to do so, extension opens the SARIF Results View upon loading the changed files; otherwise, extension only loads the problems into the Problems View and the in-editor underlines.
Repeat steps 4-8 as necessary.
This workflow has the following benefits:
The user receives immediate feedback when saving source code files.
Static analysis tools without accompanying VS Code extensions can easily hook into this workflow.
Even when tools have dedicated extensions, this workflow decouples Intellisense/editing features from linting/analysis.
The local development environment can run the exact same commands as the remote CI pipeline environment and generate reports in the same format.
Thank you for making this awesome extension! I think the prospect of using SARIF as a universal integration format between tools and the editor is very exciting!
Currently, to load a SARIF report into the extension and see the resulting problems, users must manually open the report file. This approach makes the extension less useful within an automated workflow. For example, a user might run a tool like Watchexec to execute static analysis tools in response to source code changes. Those static analysis tools could output their SARIF reports into a predefined directory.
Therefore, I would like to request a new feature whereby the extension can watch a directory (configurable) for writes to
*.sariffiles. In response to those writes, the extension would automatically load the problems from all the changed SARIF reports in the watched directory (1) without having to open the report JSON contents in the editor and (2) without having to open the SARIF Results View (configurable).The end-to-end workflow might look like the following:
.reportsdirectory..reportsdirectory for writes to*.sariffiles..reportsdirectory.*.sariffiles that changed in the.reportsdirectory.This workflow has the following benefits:
Thank you for making this awesome extension! I think the prospect of using SARIF as a universal integration format between tools and the editor is very exciting!