Define result taxonomies?
EBALLOT PROPOSAL: provide a mechanism for persisting arbitrary categorization (i.e., 'taxonomies') metadata to log files. Rules and notifications can describe all tags that are consistently and/or optionally reported by each.
API IMPACT
Schema changes PR: Microsoft/sarif-sdk#1318
Add run.taxonomies, an array of reportingDescriptor objects (so a taxonomy entry can have an id, a name, shortDescription, longDescription, etc.).
Add externalPropertyFiles.taxonomies so that the data can be persisted to an external file.
Add reportingDescriptor.taxonomyReferences, an array of reportingDescriptorReference objects (these are taxonomy items that always apply to the result implicated by this rule).
Add reportingDescriptor.optionalTaxonomyReferences, an array of reportingDescriptorReference objects (these are taxonomy items that can optionally apply to a result implicated by this rule).
Add result.taxonomyReferences, an array of reportingDescriptorReference objects that point into run.taxonomies. The pointer property of each of these reference objects is simply a stringified integer (for example, "42" refers to the item at index 42 in run.taxonomies).
NOTES
This ballot item depends on the reportingDescriptorReference object defined in #324, so if that one is rejected, this one would have to be modified. See #324 for more on reportingDescriptorReference. Note especially the proposed sarif URI scheme that allows us to specify the location of an item within a SARIF log file.
This change will not remove the reserved property bag tags value (as suggested in earlier discussion on this issue).
https://github.com/oasis-tcs/sarif-spec/issues/314
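As an added example (not part of the proposal or of the SARIF SDK), the following Python code shows how a log consumer could resolve the stringified-integer pointers described above against run.taxonomies and combine a rule's always-applied references with the ones a result reports. The sample run, the rule id, the taxonomy ids, passing the rule in next to its result, and flagging references the rule did not declare are all assumptions made for illustration.

```python
# Constructed sample data: only the property names come from the proposal.
RUN = {"taxonomies": [
    {"id": "TAX-INJECTION", "name": "Injection"},
    {"id": "TAX-CRYPTO", "name": "WeakCryptography"},
    {"id": "TAX-CONFIG", "name": "Misconfiguration"},
]}
RULE = {
    "id": "EX0001",
    "taxonomyReferences": [{"pointer": "0"}],          # always applies
    "optionalTaxonomyReferences": [{"pointer": "2"}],  # may apply
}


def resolve_pointer(run, ref):
    """Turn a reference's pointer ("42") into a checked index into run.taxonomies."""
    pointer = ref.get("pointer")
    # Accept plain ASCII decimal digits only; int() alone would also take "-1" or " 1 ".
    if not (isinstance(pointer, str) and pointer.isascii() and pointer.isdigit()):
        raise ValueError(f"pointer {pointer!r} is not a stringified integer")
    index = int(pointer)
    if index >= len(run.get("taxonomies", [])):
        raise ValueError(f"pointer {pointer!r} is outside run.taxonomies")
    return index


def effective_taxonomies(run, rule, result):
    """Return (taxonomy ids that apply to the result, list of problems found)."""
    always = {resolve_pointer(run, r) for r in rule.get("taxonomyReferences", [])}
    optional = {resolve_pointer(run, r) for r in rule.get("optionalTaxonomyReferences", [])}
    reported, problems = set(), []
    for ref in result.get("taxonomyReferences", []):
        try:
            index = resolve_pointer(run, ref)
        except ValueError as exc:
            problems.append(str(exc))
            continue
        # Assumption of this example: a result should only use items its rule declared.
        if index not in always | optional:
            problems.append(f"taxonomy index {index} is not declared by rule {rule['id']}")
        reported.add(index)
    ids = [run["taxonomies"][i]["id"] for i in sorted(always | reported)]
    return ids, problems


if __name__ == "__main__":
    print(effective_taxonomies(RUN, RULE, {"taxonomyReferences": [{"pointer": "2"}]}))
    print(effective_taxonomies(RUN, RULE, {"taxonomyReferences": [{"pointer": "42"}]}))
```
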