OASIS Static Analysis Results Interchange Format (SARIF) TC Meeting #13 March 28, 2018

Acting chair: David

Chat transcript from room: sarif
From 2018-03-28 16:37 UTC until 18:20 UTC

1. Call to Order and Welcome

Chair: Called the meeting to order @ 16:37 UTC.

2. Roll call

All participants recorded their attendance on the OASIS meeting calendar - quorum was reached.

All participants were kindly encouraged to register their attendance, to optimize the use of the shared time during the meeting, in one of two ways:
Either click the link with the text "Register my attendance" at the top of the event page or directly visit the per-event direct "record my attendance" link:
https://www.oasis-open.org/apps/org/workgroup/sarif/record_my_attendance.php?event_id=47195&confirmed=1, Thanks

Details cf. normative attendance sheet for this meeting (event_id=47195).

2.1 Participants

2.1.1 Voting Members present

David Keaton (Individual)
Henny Sipma (Kestrel Technology)
Jim Kupsch (SWAMP)
Laurence Golding (Individual)
Luke Cartey (Semmle)
Michael Fanning (Microsoft)
Paul Anderson (GrammaTech, Inc.)
Stefan Hagen (Individual)
Vamshi Basupalli (SWAMP)
Yekaterina ONeil (Micro Focus)

2.1.2 Members present

Note: Despite the (mis-)calculations of the tool in the TC workspace, it is sufficient to participate in two subsequent meetings of a TC to obtain voting rights after that meeting.

Everett Maus (Microsoft)
Nikolai Mansourov (Object Management Group)
Paul Brookes (Microsoft)

2.1.3 Observers present

Note: Observers of this committee that are ready to become Members should follow the specific instructions displayed on the OASIS Open Notices tab.

None.

2.2 Voting Right Changes Effective After The Roll call of this Meeting

2.2.1 Members who gained Voting Rights

Everett Maus (Microsoft)
Paul Brookes (Microsoft)

2.2.2 Members who lost Voting Rights

Chris Wysopal (CA Technologies)
Pooya Mehregan (Security Compass)

3. Review Agenda

Agenda draft published at https://www.oasis-open.org/committees/download.php/62763/agenda_20180328.html - content given below to support the reader:

Agenda for March 28, 2018
MEETING OF OASIS SARIF TECHNICAL COMMITTEE
Time: 09:30-11:30 PDT (16:30-18:30 UTC)
Note: The US and EU are now both on daylight savings time.
Meeting Chat Location: http://webconf.soaphub.org/conf/room/sarif
Meeting Audio: https://meet.lync.com/microsoft/mikefan/N398PQ42
1. Opening Activities
  1.1 Opening comments (Co-Chair Keaton)
  1.2 Introduction of participants/roll call (Co-Chair Cartey)
  1.3 Procedures for this meeting (Co-Chair Keaton)
  1.4 Approval of agenda (Co-Chair Keaton)
  1.5 Approval of previous minutes [Minutes of 2018-03-14 Meeting#12] (Co-Chair Keaton)
  1.6 Review of action items and resolutions (Secretary Hagen)
  1.7 Identification of SARIF TC voting members (Co-Chair Cartey)
    1.7.1 Prospective members attending their first meeting
    1.7.2 Members attaining voting rights at the end of this meeting
    1.7.3 Members losing voting rights if they have not joined this meeting by the time it ends
    1.7.4 Members who previously lost voting rights who are attending this meeting
    1.7.5 Members who have declared a leave of absence
2. Timeline Status
  2.1 Note where we are on the schedule [SARIF TC Timeline] (Co-Chair Keaton)
      - 24 open issues marked CSD.1, same number as last meeting
3. Future Meetings
  3.1 Future meeting schedule (Co-Chair Keaton)
      Scheduled teleconferences (Wednesdays at 09:30 PDT / 16:30 UTC)
        April 4
        April 18
4. Document Progress (Co-Editors Golding and Fanning)
  4.1 Editors' report
  4.2 Approval of changes
      Discuss the following items individually, then vote on them together unless someone would like to separate out an issue for individual vote.
    4.2.1 Ensure spec properly accounts for tools that emit line #'s only for code locations [#75]
    4.2.2 Code flow enhancements [#80]
    4.2.3 Add path normalization guidance for URLs [#86]
    4.2.4 invocation.fileName -> invocation.executableLocation [#95]
    4.2.5 Add redactionToken property to run object [#96]
    4.2.6 Add encoding property to file object [#98]
    4.2.7 Make stdin/stdout/stderr/stdoutStderr fileLocation instead of physicalLocation [#133]
  4.3 Discussions
    4.3.1 Provide support for graphs and graph traversals [#46]
    4.3.2 Fix the location object [#130]
    4.3.3 Review rank/metrics/etc. proposals as raised by Nick Mansourov [#58] [#44]
          - Note: #58 is not a CSD.1 issue
5. Other Business
6. Resolutions and Decisions reached (by 10 minutes prior to scheduled meeting end)
  6.1 End debate of other issues by 10 minutes prior to scheduled meeting end and follow the agenda from this point (Co-Chair Keaton)
  6.2 Review of Decisions Reached (Secretary Hagen)
  6.3 Review of Action Items (Secretary Hagen)
7. Next Meeting
   April 4, 2018 / 09:30-11:30 PDT / 16:30-18:30 UTC
8. Adjournment
Note: Issue URLs are constructed by appending the issue number (without the '#') to the base URL https://github.com/oasis-tcs/sarif-spec/issues/
Pull requests similarly refer to base URL https://github.com/oasis-tcs/sarif-spec/pull/ but to better distinguish from issues, they are encoded as PR#$number, where $number represents the number of the pull request.

Agenda approved unchanged as published

4. Approval of previous minutes from 2018-03-14 Meeting #12

Minutes at https://www.oasis-open.org/committees/download.php/62757/sarif-minutes-20180314-meeting-12.html

Minutes approved unchanged as published

5. Timeline Status

5.1 Note where we are on the schedule [SARIF TC Timeline]

24 open issues marked CSD.1, same number as last meeting

6. Future Meetings

6.1 Future meeting schedule (Teleconferences)

April 04 (US & EU daylight savings time) - Proposed teleconference (Wednesday at 09:30 US Pacific time)
April 18 (US & EU daylight savings time) - Proposed teleconference (Wednesday at 09:30 US Pacific time)

7. Document Progress

7.1 Editors' report

Nothing noted

7.2 Approval of changes

David: Decision: Accept all edits except 7.2.6, with the noted amendments to 7.2.5 (as shown in the notes of the sub sections).

7.2.1 #75 - Ensure spec properly accounts for tools that emit line #'s only for code locations [#75]

Discussed and approved (cf. section 7.2)

7.2.2 #80 - Code flow enhancements [#80]

Discussed and approved (cf. section 7.2)

7.2.3 #86 - Add path normalization guidance for URLs [#86]

Discussed and approved (cf. section 7.2)

7.2.4 #95 - invocation.fileName -> invocation.executableLocation [#95]

Discussed and approved (cf. section 7.2)

7.2.5 #96 - Add redactionToken property to run object [#96]

Jim: The presence of a redactionToken property is the indication that a redaction occurred.

Jim: There should be no default.

Jim: We can suggest a redactionToken but should not specify it.

All: The agreement is to use SHOULD (as opposed to MAY) for the suggested value.

All: Agree to add a NOTE giving an example of when you might not want to use the suggested value (namely, if the suggested value occurs naturally).

Laurence: Wants to accept the above amendments.

Discussed and approved as amended (cf. section 7.2)

7.2.6 #98 - Add encoding property to file object [#98]

Luke: We don't always know the incoming character set to ensure that the output is UTF-8.

Laurence: In that case, we could use the code for an unknown character set.

Jim: This relates to the character set problem in issue #93

Jim: The character set should be populated if possible.

All: If the suggested default redaction token is not used, we will not make /any/ recommendation on what to use in its place.

David: This item 7.2.6 (i.e. issue #98) is removed from the upcoming vote (cf. section 7.2).

David: Action: Larry to produce a revised edit for issue #98 for the next TC meeting.

7.2.7 #133 - Make stdin/stdout/stderr/stdoutStderr fileLocation instead of physicalLocation [#133]

Discussed and approved (cf. section 7.2)

7.3 Discussions

David: Decision: Ask Larry to produce changes based on discussion in sub sections 7.3.1 and 7.3.2.

7.3.1 #46 - Provide support for graphs and graph traversals [#46]

Discussed

7.3.2 #130 - Fix the location object [#130]

Discussed

Laurence: I move that the TC agrees to the proposed design. Michael seconds.

No discussion. Unanimous consent. Motion carries.

7.3.3 #58 and #44 - Review rank/metrics/etc. proposals as raised by Nick Mansourov [#58] [#44]

- Note: #58 is not a CSD.1 issue

Skipped

8. Any Other Business

No other business

9. Resolutions and Decisions reached

9.1 Review of Decisions Reached

Nothing noted here - for decisions, see the sections above.

9.2 Review of Action Items

  1. Larry to produce a revised edit for issue #98 for the next TC meeting.

10. Next meetings

April 04, 2018 / 09:30-11:30 PDT / 16:30-18:30 UTC
April 18, 2018 / 09:30-11:30 PDT / 16:30-18:30 UTC

11. Adjourn

The meeting was adjourned at 18:20 UTC.