Title Call for consent of Static Analysis Results Interchange Format (SARIF) Version 2.1.0 as an OASIS Standard
Description 
Software developers use a variety of tools to assess the quality of their programs. These tools can report results on qualities such as validity, security, performance, compliance with legal requirements, etc. To form an overall picture of program quality, developers often need to aggregate the results produced by all of these tools, a task made difficult when each tool produces output in a different format.

SARIF defines a standard format for the output of static analysis tools in order to:

- Comprehensively capture the range of data produced by commonly used static analysis tools.
- Reduce the cost and complexity of aggregating the results of various analysis tools into common workflows.
- Represent analysis results for all kinds of programming artifacts, including source code and object code.

Three Statements of Use were received from Software Assurance Marketplace
(SWAMP) Project, GrammaTech Inc., and Microsoft [2]. 

This is a call to the Organizational Members of OASIS to consent or object to this approval. You are welcome to register your consent explicitly on the ballot; however your consent is assumed unless you register an objection [3]. To register an objection, you must: 

1. Indicate your objection on this ballot, and 

2. Provide a reason for your objection and/or a proposed remedy to the TC. 

You may provide the reason in the comment box or by email to the Technical Committee on its comment mailing list or, if you are a member of the TC, to the TC's mailing list [3]. If you provide your reason by email, please indicate in the subject line that this is in regard to the Call for Consent. Note that failing to provide a reason and/or remedy may result in an objection being deemed invalid. 

URIs:

The prose specification document and related files are available here:

Static Analysis Results Interchange Format (SARIF) Version 2.1.0
Candidate OASIS Standard 02
12 March 2020

Editable source (Authoritative):
https://docs.oasis-open.org/sarif/sarif/v2.1.0/cos02/sarif-v2.1.0-cos02.docx 

HTML:
https://docs.oasis-open.org/sarif/sarif/v2.1.0/cos02/sarif-v2.1.0-cos02.html

PDF:
https://docs.oasis-open.org/sarif/sarif/v2.1.0/cos02/sarif-v2.1.0-cos02.pdf

JSON schemas: 
https://docs.oasis-open.org/sarif/sarif/v2.1.0/cos02/schemas/


Please contact OASIS TC Administration at tc-admin@lists.oasis-open.org with any questions you may have about this ballot. 

--- Additional information --- 

[1] OASIS Static Analysis Results Interchange Format (SARIF) TC
https://www.oasis-open.org/committees/sarif/ 

[2] Statements of use 
Links to Statements of Use 

- Software Assurance Marketplace (SWAMP) Project -
https://www.oasis-open.org/committees/document.php?document_id=65816&wg_abbrev=sarif

- GrammaTech Inc. -
https://www.oasis-open.org/committees/document.php?document_id=66130&wg_abbrev=sarif

- Microsoft -
https://www.oasis-open.org/committees/document.php?document_id=66346&wg_abbrev=sarif

[3] https://www.oasis-open.org/policies-guidelines/tc-process-2017-05-26#OScallForConsent
Ballot Options Ballot has closed
[ ] Yes
[ ] No
[ ] Abstain
Opening Date Sat, Mar 14 2020 12:00 am UTC
Closing Date Fri, Mar 27 2020 11:59 pm UTC
Ballot has closed.

Referenced Items

Name Type Date Actions

03485: Call for consent of Static Analysis Results Interchange Format (SARIF) Version 2.1.0 as an...

Document (Archive)

2020-03-28

 No Access