1. The TC requests a Special Majority Vote to advance SARIF Version 2.1.0 to Candidate OASIS Standard. For that purpose, we also approve the following statements.
---
2. The TC certifies that all SARIF Version 2.1.0 schema and XML instances are well-formed and that expressions are valid.
---
3. Clear English-language summary of the specification:
Static Analysis Results Interchange Format (SARIF) is a standard output format for static analysis tools. A static analysis tool is a program that examines programming artifacts in order to detect problems, without executing the program. A standard output format allows results to be combined across runs of the same tool, and across runs of tools from multiple vendors, to get a more complete picture of the aspects of a program that need improvement.
---
4. Relationship of this specification to similar work:
The Object Management Group's Tool Output Integration Format (TOIF) is an existing standard that integrates diverse static analysis result formats into the lowest common denominator representation, as one form of evidence in a software assurance system. By contrast, SARIF accommodates deep, precise expression of static analysis results to provide full support for the capabilities of advanced static analysis systems, enabling the sharing of sophisticated visualization and processing components that previously were specific to individual static analysis tools.
---
5. The TC approves the three Statements of Use that are attached to this ballot, noting that they are from OASIS Organizational Members. |
