Approved Errata for Static Analysis Results Interchange Format (SARIF) v2.1.0 OASIS Standard published

Updated documents now available

OASIS is pleased to announce the approval and publication of new Approved Errata by the members of the OASIS Static Analysis Results Interchange Format (SARIF) TC.

Overview:

Software developers use a variety of tools to assess the quality of their programs. These tools can report results on qualities such as validity, security, performance, compliance with legal requirements, etc. To form an overall picture of program quality, developers often need to aggregate the results produced by all of these tools, a task made difficult when each tool produces output in a different format.

SARIF defines a standard format for the output of static analysis tools in order to:
– Comprehensively capture the range of data produced by commonly used static analysis tools.
– Reduce the cost and complexity of aggregating the results of various analysis tools into common workflows.
– Represent analysis results for all kinds of programming artifacts, including source code and object code.

This publication includes:
– The errata, in the form of a list of changes. (sarif-v2.1.0-errata01-os)
– The OASIS Standard with the errata changes applied and highlighted. (sarif-v2.1.0-errata01-os-redlined)
– The OASIS Standard with the errata changes applied, and not redlined. (sarif-v2.1.0-errata01-os-complete)
– The SARIF v2.1.0 JSON schemas.

Static Analysis Results Interchange Format (SARIF) Version 2.1.0 Errata 01
OASIS Approved Errata
28 August 2023

Editable source (Authoritative):
https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os.docx
HTML:
https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os.html
PDF:
https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os.pdf
JSON schemas:
https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/schemas/

OASIS Standard incorporating Approved Errata 01 (redlined)
https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os-redlined.docx
https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os-redlined.html
https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os-redlined.pdf

OASIS Standard incorporating Approved Errata 01 (complete)
https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os-complete.docx
https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os-complete.html
https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os-complete.pdf

For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:
https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os.zip

Members of the OASIS Static Analysis Results Interchange Format (SARIF) TC [1] approved these specifications by Full Majority Vote. The specifications had been released for public review as required by the TC Process [2]. The vote to approve as Approved Errata passed [3], and the Approved Errata are now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone.

========== Additional references:

[1] OASIS Static Analysis Results Interchange Format (SARIF) TC
https://www.oasis-open.org/committees/sarif/

[2] Public reviews:
15-day public review, 03 August 2023: https://lists.oasis-open.org/archives/members/202308/msg00000.html
– Comment resolution log: https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/csd01/sarif-v2.1.0-errata01-csd01-comment-resolution-log.txt
60-day public review, 20 December 2019: https://lists.oasis-open.org/archives/members/201912/msg00012.html
– Comment resolution log: https://docs.oasis-open.org/sarif/sarif/v2.1.0/cos01/sarif-v2.1.0-cos01-comment-resolution-log.zip
30-day public review, 04 June 2019: https://lists.oasis-open.org/archives/sarif-comment/201906/msg00002.html
– Comment resolution log: https://docs.oasis-open.org/sarif/sarif/v2.1.0/csprd01/sarif-v2.1.0-csprd01-comment-resolution-log.txt

[3] Approval ballot:
https://www.oasis-open.org/committees/download.php/71293/ballot_3792.html