Project news

Static Analysis Results Interchange Format (#SARIF) Version 2.1.0 OASIS Standard published

OASIS is pleased to announce the publication of its newest OASIS Standard, approved by the members on 27 March 2020: Static Analysis Results Interchange Format (SARIF) Version 2.1.0 OASIS Standard 27 March 2020 Software developers use a variety of tools to assess the quality of their programs. These tools can report results on qualities such as validity, security, performance, compliance with legal requirements, etc. To form an overall picture of program quality, developers often need to aggregate the results produced by all of these tools, a task made difficult when each tool produces output in a different format. SARIF defines a standard format for the output of static analysis tools in order to: – Comprehensively capture the range of data produced by commonly used static analysis tools. – Reduce the cost and complexity of aggregating the results of various analysis tools into common workflows. – Represent analysis results for all kinds of programming artifacts, including source code and object code. The specification and related files are available here: Editable source (Authoritative): https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.docx HTML: https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html PDF: https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.pdf JSON schemas: https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/schemas/ Distribution ZIP files For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here: https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.zip Our congratulations to the members of the SARIF TC on achieving this milestone.