Presentation is loading. Please wait.

Presentation is loading. Please wait.

A brief overview of the contribution

Published byWinfred Horn Modified over 6 years ago

Similar presentations

Presentation on theme: "A brief overview of the contribution"— Presentation transcript:

1 A brief overview of the contribution
SARIF A brief overview of the contribution

2 Purpose Make developers more productive by enabling them to interact with results from multiple analysis tools in a uniform way. Enable uniform viewing experiences (e.g., IDE integrations) Enable uniform storage in and retrieval from a back end (“result management systems”)

3 Design goals Comprehensively capture the range of data produced by commonly used static analysis tools. Be a useful format for analysis tools to emit directly, and also an effective interchange format into which the output of any analysis tool can be converted. Be suitable for use in a variety of scenarios related to analysis result management, and be extensible for use in new scenarios. Reduce the cost and complexity of aggregating the results of various analysis tools into common workflows. Capture information that is useful for assessing a project’s compliance with corporate policy or conformance to certification standards. Adopt a widely used serialization format that can be parsed by readily available tools. Represent analysis results for all kinds of programming artifacts, including source code and object code. Represent the logical construct against which a result is produced, such as a function, class, or namespace. Represent the physical location at which a result is produced, including problems that are detected in nested files (such as a source file within a compressed container).

4 History 2013: Originated in Microsoft’s security organization to unify results produced by several security-related static analysis tools. Developed “in the open”: Open issues in the repo will be filed in OASIS for resolution by TC – including concepts from related formats such as SATE and SWAMP/SCARF. Supported by latest Microsoft C#/VB/C++ compilers, a variety of publicly available Microsoft tools, as well as tools from …..

5 Example { "version": "1.0.0", "runs": [ { "tool": { "name": "CodeScanner", "semanticVersion": "2.1.0" }, "files": { "file:///user/builder/work/src/collections/list.cpp": { "mimeType": "text/x-c" } }, "results": [ { "ruleId": "C2001", "message": "Variable \"count\" was used without being initialized.", "locations": [ { "analysisTarget": { "uri": "file:///user/builder/work/src/collections/list.cpp", "region": { "startLine": } }, "fullyQualifiedLogicalName": "collections::list:add" } ] } ], "rules": { "C2001": { "id": "C2001", "fullDescription": "A variable was used without being initialized. This can result in runtime errors such as null reference exceptions." } } } ] }

6 Features (a partial list)
Multiple runs per file Tool information Run/invocation information Rich description of “results” including: “Physical” and “logical” locations Multiple locations per result Code flows Stacks Fixes Rule metadata File metadata Hashes MIME type Embedded contents Support for both text and binary files Support for “nested” files Tool notifications (e.g. capture tool console output) Support for “baselining"

7 Other applications Dynamic analysis tools (code flow support with location.kind) Web scanning tools (analysis targets expressed as URLs)

8 Resources Specification contribution: spec/master/Static%20Analysis%20Results%20Interchange%20Forma t%20(SARIF).html SARIF home page: SARIF .NET SDK NuGet package: … and source code:

Download ppt "A brief overview of the contribution"

Similar presentations

Microsoft Windows NT Embedded 4.0

Microsoft Windows NT Embedded 4.0
The following 10 questions test your knowledge of desired configuration management in Configuration Manager 2007. Configuration Manager Desired Configuration.

The following 10 questions test your knowledge of desired configuration management in Configuration Manager Configuration Manager Desired Configuration.
CACORE TOOLS FEATURES. caCORE SDK Features caCORE Workbench Plugin EA/ArgoUML Plug-in development Integrated support of semantic integration in the plugin.

CACORE TOOLS FEATURES. caCORE SDK Features caCORE Workbench Plugin EA/ArgoUML Plug-in development Integrated support of semantic integration in the plugin.
Programming Paradigms and languages

Programming Paradigms and languages
DT211/3 Internet Application Development

DT211/3 Internet Application Development
Microsoft Office Open XML Formats Brian Jones Lead Program Manager Microsoft Corporation.

Microsoft Office Open XML Formats Brian Jones Lead Program Manager Microsoft Corporation.
Russell Taylor Lecturer in Computing & Business Studies.

Russell Taylor Lecturer in Computing & Business Studies.
Mapping Physical Formats to Logical Models to Extract Data and Metadata Tara Talbott IPAW ‘06.

Mapping Physical Formats to Logical Models to Extract Data and Metadata Tara Talbott IPAW ‘06.
ÆKOS: A new paradigm for discovery and access to complex ecological data David Turner, Paul Chinnick, Andrew Graham, Matt Schneider, Craig Walker Logos.

ÆKOS: A new paradigm for discovery and access to complex ecological data David Turner, Paul Chinnick, Andrew Graham, Matt Schneider, Craig Walker Logos.
Creating and Running Your First C# Program Svetlin Nakov Telerik Corporation www.telerik.com.

Creating and Running Your First C# Program Svetlin Nakov Telerik Corporation
Tahir Nawaz Visual Programming C# Week 2. What is C#? C# (pronounced C sharp) is an object- oriented language that is used to build applications for.

Tahir Nawaz Visual Programming C# Week 2. What is C#? C# (pronounced "C sharp") is an object- oriented language that is used to build applications for.
Learning Resource iNterchange

Learning Resource iNterchange
Using Microsoft SharePoint to Develop Workflow and Business Process Automation Ted Perrotte National Practice Manager, Quilogy, Microsoft Office SharePoint.

Using Microsoft SharePoint to Develop Workflow and Business Process Automation Ted Perrotte National Practice Manager, Quilogy, Microsoft Office SharePoint.
Microsoft Dynamics.

Microsoft Dynamics.
1 Developing Rules Driven Workflows in Windows Workflow Foundation Jurgen Willis COM318 Program Manager Microsoft Corporation.

1 Developing Rules Driven Workflows in Windows Workflow Foundation Jurgen Willis COM318 Program Manager Microsoft Corporation.
Overview of Mini-Edit and other Tools Access DB Oracle DB You Need to Send Entries From Your Std To the Registry You Need to Get Back Updated Entries From.

Overview of Mini-Edit and other Tools Access DB Oracle DB You Need to Send Entries From Your Std To the Registry You Need to Get Back Updated Entries From.
INTRODUCTION TO WEB DATABASE PROGRAMMING

INTRODUCTION TO WEB DATABASE PROGRAMMING
M. Taimoor Khan * Java Server Pages (JSP) is a server-side programming technology that enables the creation of dynamic,

M. Taimoor Khan * Java Server Pages (JSP) is a server-side programming technology that enables the creation of dynamic,
2005 Adobe Systems Incorporated. All Rights Reserved. 1 Ontolog Forum Gunar Penikis Sr. Product Manager Adobe Systems.

2005 Adobe Systems Incorporated. All Rights Reserved. 1 Ontolog Forum Gunar Penikis Sr. Product Manager Adobe Systems.
Crystal Hoyer Program Manager IIS Team Preview of features that will be announced at MIX09 Please do not blog, take pictures or video of session.

Crystal Hoyer Program Manager IIS Team Preview of features that will be announced at MIX09 Please do not blog, take pictures or video of session.

Similar presentations

Ads by Google