Open bradlarsen opened 1 year ago
See this for requirements and suggestions related to GitHub Code Analysis SARIF support: https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning
I asked for help in understanding how best to represent Nosey Parker's findings in SARIF: https://github.com/oasis-tcs/sarif-spec/issues/564
SARIF support was recently added (#33, #4), adding a new output format to Nosey Parker's `report` command. This support is preliminary, but good enough that viewers like the VSCode SARIF plugin can do something useful with the output in some cases. However, I want Nosey Parker to do something useful in all cases. The end goal is that Nosey Parker's SARIF output is complete enough that common viewers can usefully render all findings.
Viewers of particular interest:

- `sarif-fmt` command-line program

Rough edges and opportunities for improvement:
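A quick way to see whether a SARIF log is "complete enough" for viewers is to check each result for the fields viewers actually key on. The script below is an added example, not Nosey Parker code and not from this issue; the field set it enforces (a `ruleId` declared under `tool.driver.rules`, a non-empty `message.text`, and at least one `physicalLocation` with an `artifactLocation.uri` and a positive `region.startLine`) is my reading of SARIF 2.1.0 and GitHub's code-scanning requirements, and the embedded sample log is constructed for the demonstration.

```python
"""Flag SARIF 2.1.0 results that lack what common viewers need to render them.

Added example; the required-field set below is an assumption drawn from the
SARIF 2.1.0 spec and GitHub's code-scanning SARIF support page, not a
statement of what Nosey Parker emits.
"""
import json
import sys


def check_result(result, idx):
    """Return a list of problems for one result object (empty if it is viewer-friendly)."""
    problems = []
    if not result.get("ruleId"):
        problems.append(f"results[{idx}]: missing ruleId")
    msg = result.get("message") or {}
    if not msg.get("text"):
        problems.append(f"results[{idx}]: message.text is empty")
    locs = result.get("locations") or []
    if not locs:
        problems.append(f"results[{idx}]: no locations")
    for j, loc in enumerate(locs):
        phys = loc.get("physicalLocation") or {}
        art = phys.get("artifactLocation") or {}
        if not art.get("uri"):
            problems.append(f"results[{idx}].locations[{j}]: missing artifactLocation.uri")
        region = phys.get("region") or {}
        start = region.get("startLine")
        # SARIF lines are 1-based; a missing or zero startLine leaves viewers nothing to jump to.
        if not isinstance(start, int) or start < 1:
            problems.append(
                f"results[{idx}].locations[{j}]: region.startLine must be a positive integer"
            )
    return problems


def check_sarif(doc):
    """Walk every run and result; return human-readable problem strings."""
    problems = []
    if doc.get("version") != "2.1.0":
        problems.append(f"unsupported version {doc.get('version')!r}")
    for r, run in enumerate(doc.get("runs", [])):
        driver = run.get("tool", {}).get("driver", {})
        declared = {rule.get("id") for rule in driver.get("rules", [])}
        for i, result in enumerate(run.get("results", [])):
            problems.extend(f"runs[{r}].{p}" for p in check_result(result, i))
            rid = result.get("ruleId")
            # Viewers look up rule metadata (name, help text) by ruleId; an
            # undeclared id renders as a bare string at best.
            if rid and rid not in declared:
                problems.append(
                    f"runs[{r}].results[{i}]: ruleId {rid!r} not declared in tool.driver.rules"
                )
    return problems


# Constructed sample: one good result, one with a file but no region,
# one with neither a message nor a location. Not real scanner output.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner",
                            "rules": [{"id": "aws-access-key"}]}},
        "results": [
            {"ruleId": "aws-access-key",
             "message": {"text": "AWS access key"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "config/settings.py"},
                 "region": {"startLine": 12, "startColumn": 9}}}]},
            {"ruleId": "generic-secret",
             "message": {"text": "Generic secret"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/db.rs"}}}]},
            {"ruleId": "aws-access-key",
             "message": {"text": ""},
             "locations": []},
        ],
    }],
})


def main(argv):
    # Usage: python check_sarif.py [report.sarif]; with no argument the sample is checked.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            doc = json.load(fh)
    else:
        doc = json.loads(SAMPLE_SARIF)
    problems = check_sarif(doc)
    for p in problems:
        print(p)
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Running it against the sample reports four problems: the second result has no `region.startLine` and uses an undeclared `ruleId`, and the third has an empty message and no locations. Pointing it at a real report shows which findings a viewer will silently drop or render without a jump target.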