OASIS Static Analysis Results Interchange Format (SARIF) TC Meeting #11 February 28, 2018

Acting chair: David

Chat transcript from room: sarif
From 2018-02-28 17:32 UTC until 19:24 UTC

1. Call to Order and Welcome

Chair: Called the meeting to order @ 17:32 UTC.

2. Roll call

All participants recorded their attendance on the OASIS meeting calendar - quorum was reached.

All participants were kindly encouraged to register their attendance, to optimize the use of the shared time during the meeting, in one of two ways:
Either click the link with the text "Register my attendance" at the top of the event page or directly visit the per-event "record my attendance" link:
https://www.oasis-open.org/apps/org/workgroup/sarif/record_my_attendance.php?event_id=47086&confirmed=1
Thanks.

For details, cf. the normative attendance sheet for this meeting (event_id=47086).

2.1 Participants

2.1.1 Voting Members present

Chris Wysopal (CA Technologies)
David Keaton (Individual)
Henny Sipma (Kestrel Technology)
Jim Kupsch (SWAMP)
Ken Prole (Code Dx, Inc.)
Laurence Golding (Individual)
Luke Cartey (Semmle)
Michael Fanning (Microsoft)
Nikolai Mansourov (Object Management Group)
Pooya Mehregan (Security Compass)
Stefan Hagen (Individual)
Vamshi Basupalli (SWAMP)
Yekaterina ONeil (Micro Focus)

2.1.2 Members present

Note: Despite the (mis-)calculations of the tool in the TC workspace, it is sufficient to participate in two subsequent meetings of a TC to obtain voting rights after that meeting.

Hendrik Buchwald (RIPS Technologies)

2.1.3 Observers present

Note: Observers of this committee that are ready to become Members should follow the specific instructions displayed on the OASIS Open Notices tab.

Paul Brookes (Microsoft)

2.2 Voting Right Changes Effective After The Roll call of this Meeting

2.2.1 Members who gained Voting Rights

None.

2.2.2 Members who lost Voting Rights

Kevin Greene (Mitre Corporation)

3. Review Agenda

Agenda draft published at https://www.oasis-open.org/committees/download.php/62597/agenda_20180228.html - content given below to support the reader:

Agenda for February 28, 2018
MEETING OF OASIS SARIF TECHNICAL COMMITTEE
Time: 09:30-11:30 PST (17:30-19:30 UTC)
Meeting Chat Location: http://webconf.soaphub.org/conf/room/sarif
Meeting Audio: https://meet.lync.com/microsoft/mikefan/6MNMV884
1. Opening Activities
    1.1 Opening comments (Co-Chair Keaton)
    1.2 Introduction of participants/roll call (Co-Chair Cartey)
    1.3 Procedures for this meeting (Co-Chair Keaton)
    1.4 Approval of agenda (Co-Chair Keaton)
    1.5 Approval of previous minutes [Minutes of 2018-02-14 Meeting#10] (Co-Chair Keaton)
    1.6 Review of action items and resolutions (Secretary Hagen)
    1.7 Identification of SARIF TC voting members (Co-Chair Cartey)
        1.7.1 Prospective members attending their first meeting
        1.7.2 Members attaining voting rights at the end of this meeting
        1.7.3 Members losing voting rights if they have not joined this meeting by the time it ends
        1.7.4 Members who previously lost voting rights who are attending this meeting
        1.7.5 Members who have declared a leave of absence 
2. Timeline Status
    2.1 Note where we are on the schedule [SARIF TC Timeline] (Co-Chair Keaton)
             - 28 open issues marked CSD.1 and planning to ship Committee Specification Draft at next meeting 
3. Future Meetings
    3.1 Future meeting schedule (Co-Chair Keaton)
            Scheduled teleconference (Wednesday at 09:30 US Pacific time)
            March 14 (US daylight / EU standard time)
            Proposed teleconference (Wednesday at 09:30 US Pacific time)
            March 28 (US & EU daylight savings time)
4. Document Progress (Co-Editors Golding and Fanning)
    4.1 Editors' report
    4.2 Approval of changes
        4.2.1 Approve: result.conversionProvenance array is non-empty, unique
        4.2.2 Add instance id to result object [#82]
        4.2.3 Consider adding attachments property [#83]
        4.2.4 Add an invocation.arguments property [#94]
        4.2.5 Date/time property issues with seconds [#89]
        4.2.6 Add stdin/stdout/stderr on invocation [#92]
        4.2.7 Introduce "producer" profile [#104]
        4.2.8 Represent original values for uriBaseId properties [#91]
        4.2.9 Introduce fileLocation object [#90]
    4.3 Discussions
        4.3.1 Review and approve code flow examples [#80]
        4.3.2 Review localizability proposal [#84]
        4.3.3 Review metrics proposal [#44]
        4.3.4 Review rank proposal [#58] - Note: not a CSD.1 issue
5. Other Business
6. Resolutions and Decisions reached (by 10 minutes prior to scheduled meeting end)
    6.1 End debate of other issues by 10 minutes prior to scheduled meeting end and follow the agenda from this point (Co-Chair Keaton)
    6.2 Review of Decisions Reached (Secretary Hagen)
    6.3 Review of Action Items (Secretary Hagen) 
7. Next Meeting
    March 14, 2018 / 09:30-11:30 PDT / 16:30-18:30 UTC
    Note: The US will be on daylight savings time, and the EU will be on standard time. 
8. Adjournment
Note: Issue URLs are constructed by appending the issue number (without the '#') to the base URL https://github.com/oasis-tcs/sarif-spec/issues/

David: Agenda approved unchanged as published

4. Approval of previous minutes from 2018-02-14 Meeting #10

Minutes at https://www.oasis-open.org/committees/download.php/62549/sarif-minutes-20180214-meeting-10.html

David: Minutes are approved unchanged as published

5. Review of action items and resolutions

David: Laurence and David to discuss citations for hash algorithms: remains open

David: Michael will create an issue for synthesizing a single run from multiple tool invocations: remains open.

6. Timeline Status

6.1 Note where we are on the schedule

7. Future Meetings

7.1 Future meeting schedule (Teleconferences)

David: Decision: We will meet on March 28th at 09:30 US Pacific time

US will be on Daylight Savings Time and EU will not at that time.

8. Document Progress

8.1 Editors' report

Nothing noted

8.2 Approval of changes

8.2.1 Approve: result.conversionProvenance array is non-empty, unique

8.2.2 #82 - Add instance id to result object

8.2.3 #83 - Consider adding attachments property

8.2.4 #94 - Add an invocation.arguments property

8.2.5 #89 - Date/time property issues with seconds

8.2.6 #92 - Add stdin/stdout/stderr on invocation

8.2.7 #104 - Introduce "producer" profile

8.2.8 #91 - Represent original values for uriBaseId properties

8.2.9 #90 - Introduce fileLocation object

David: Decision: Approve (the above) with the addition that Appendix F needs to be updated to add original URI base IDs to the list of nondeterministic properties.

8.3 Discussions

8.3.1 Review and approve code flow examples [#80]

8.3.2 Review localizability proposal [#84]

8.3.3 Review metrics proposal [#44]

8.3.4 Review rank proposal [#58] - Note: not a CSD.1 issue

9. Any Other Business

No other business

10. Resolutions and Decisions reached

10.1 Review of Decisions Reached

Nothing noted here; for decisions, see the sections above.

10.2 Review of Action Items

  1. Editors to add CSD.1 issues to: 1) address stdout/stderr in same file, 2) capture return code in invocation object.
  2. Editors to add non-CSD.1 issue to capture prefix of an absolute deterministic URL for purposes of readability and compactness.
  3. Editors to create a non-CSD.1 issue to recommend whether hostnames should be mentioned in a URI base ID.
  4. Editors to convene a triage meeting for new issues to decide whether they should be CSD.1.

11. Next meeting

March 14, 2018 / 09:30-11:30 PDT / 16:30-18:30 UTC
Note: The US will be on daylight savings time, and the EU will be on standard time.

12. Adjourn

The meeting was adjourned at 19:24 UTC.