OASIS Static Analysis Results Interchange Format (SARIF) TC Meeting #16 May 02, 2018

Acting chair: David

Chat transcript from room: sarif
From 2018-05-02 16:37 UTC until 18:24 UTC

1. Call to Order and Welcome

Chair: Called the meeting to order @ 16:37 UTC.

2. Roll call

All participants recorded their attendance on the OASIS meeting calendar - quorum was reached.

All participants were kindly encouraged to registrate themselves to optimize the use of the shared time during the meeting in one of two ways:
Either click the link with the text "Register my attendance" on the top of the event page or directly visit the per event direct "record my attendace link":
https://www.oasis-open.org/apps/org/workgroup/sarif/record_my_attendance.php?event_id=47259&confirmed=1, Thanks

Details cf. normative attendance sheet for this meeting (event_id=47259).

2.1 Participants

David Keaton      (Individual)          - Chair
Everett Maus      (Microsoft)           - Voting Member
Jim Kupsch        (SWAMP)               - Voting Member
Jordyn Puryear    (Microsoft)           - Member
Laurence Golding  (Individual)          - Voting Member
Luke Cartey       (Semmle)              - Chair
Michael Fanning   (Microsoft)           - Voting Member
Paul Anderson     (GrammaTech, Inc.)    - Voting Member
Stefan Hagen      (Individual)          - Secretary
Sunny Chaterjee   (Microsoft)           - Member
Vamshi Basupalli  (SWAMP)               - Voting Member
Yekaterina O'Neil (Micro Focus)         - Member

3. Review Agenda

Agenda draft published at https://www.oasis-open.org/committees/download.php/63016/agenda_20180502.html - content given below to support the reader:

Agenda for May 2, 2018
MEETING OF OASIS SARIF TECHNICAL COMMITTEE
Time: 09:30-11:30 PDT / 16:30-18:30 UTC
Meeting: Chat Location http://webconf.soaphub.org/conf/room/sarif
Meeting: Audio https://meet.lync.com/microsoft/mikefan/KGS5754G

1. Opening Activities

1.1 Opening comments (Co-Chair Keaton)
1.2 Introduction of participants/roll call (Co-Chair Cartey)
1.3 Procedures for this meeting (Co-Chair Keaton)
1.4 Approval of agenda (Co-Chair Keaton)
1.5 Approval of previous minutes [Minutes of 2018-04-18 Meeting#15] (Co-Chair Keaton)
1.6 Review of action items and resolutions (Secretary Hagen)
1.7 Identification of SARIF TC voting members (Co-Chair Cartey)
1.7.1 Prospective members attending their first meeting
1.7.2 Members attaining voting rights at the end of this meeting
1.7.3 Members losing voting rights if they have not joined this meeting by the time it ends
1.7.4 Members who previously lost voting rights who are attending this meeting
1.7.5 Members who have declared a leave of absence
2. Timeline Status

2.1 Note where we are on the schedule [SARIF TC Timeline] (Co-Chair Keaton)
         - 16 open issues marked CSD.1, 3 of which remain to be addressed
3. Future Meetings

3.1 Future meeting schedule (Co-Chair Keaton)
Scheduled teleconferences (Wednesdays at 09:30 PDT / 16:30 UTC)
May 16
May 30
4. Document Progress (Co-Editors Golding and Fanning)

4.1 Editors' report
4.2 Approval of issue closure
4.2.1 Specify handling of line breaks [#103]
4.3 Approval of changes
Discuss the following items individually, then vote on them together unless someone would like to separate out an issue for individual vote.
4.3.1 Fingerprint-related issues
4.3.1.1 Clarify guidance for 'partialFingerprints' components [#122]
4.3.1.2 Add result.fingerprints array [#126]
4.3.1.3 Rename suggestion: toolFingerprintContributions -> partialFingerprints, computedFingerprints -> fingerprints [#147]
4.3.1.4 Define a "result management system" conformance profile [#154]
4.3.2 Support annotating image attachments [#137]
4.3.3 Update stableId to allow for build configuration/other details [#148]
4.3.4 conversion.analysisToolLogFileLocation should be an array [#134]
4.3.5 Don't require codeFlowLocation.location [#139]
4.3.6 For symmetry, define a logicalLocation object [#145]
4.3.7 Remove annotation object; use regions instead [#155]
4.3.8 Make sure result.id explicitly notes its relevance to automation/results management systems [#136]
4.3.9 Rename hash.algorithm to hash.function
4.4 Discussions
4.4.1 Any new issues that need to be discussed
5. Other Business

6. Resolutions and Decisions reached (by 10 minutes prior to scheduled meeting end)

6.1 End debate of other issues by 10 minutes prior to scheduled meeting end and follow the agenda from this point (Co-Chair Keaton)
6.2 Review of Decisions Reached (Secretary Hagen)
6.3 Review of Action Items (Secretary Hagen)
7. Next Meeting

May 16, 2018 / 09:30-11:30 PDT / 16:30-18:30 UTC
8. Adjournment
Note: Issue URLs are constructed by appending the issue number (without the '#') to the base URL https://github.com/oasis-tcs/sarif-spec/issues/
Pull requests similarly refer to base URL https://github.com/oasis-tcs/sarif-spec/pull/ but to better distinguish from issues, they are encoded as PR#$number, wher $number represents the number of the pull request.

Agenda approved unchanged as published

4. Approval of previous minutes

4.1 Approval of minutes from 2018-04-18 Meeting #15

Minutes at https://www.oasis-open.org/committees/download.php/63009/sarif-minutes-20180418-meeting-15.html

Minutes approved unchanged as published

5. Future Meetings

5.1 Future meeting schedule (Teleconferences)

Proposed teleconferences (Wednesdays at 09:30 PDT / 16:30 UTC)
May 16
May 30

6. Document Progress

6.1 Editors' report

The Editor's report noted a couple of editorial changes in addition to the usual "here's what was merged from last time" and "here's what we're prepared to review this time."

6.2 Approval of issue closure

6.2.1 #103 - Specify handling of line breaks [#103]

David: Requires further investigation -- not approved today

6.3 Approval of changes

David: Decision: All changes in agenda item 6.3 approved as amended.

6.3.1 #122 / #126 / #147 / #154 - Fingerprint-related issues [#122] [#126] [#147] [#154]

Larry: partial fingerprint should not include anything that can be inferred

Michael: partial fingerprint is outside of physical location details

David: Partial fingerprint to be refined as discussed. Otherwise, consider this change for approval.

Discussed and approved (cf. section 6.3)

6.3.2 #137 - Support annotating image attachments [#137]

Jim: make values float and change pixels to units appropriate for format

Michael: suggest excluding dynamically-rendered formats, using Jim's change for static formats, and investigating dynamic formats later

Larry:

also remove the word nonnegative from rectangle
x goes left to right, y goes top to bottom

David: Refine rectangle as discussed. Otherwise consider this change for approval.

Discussed and approved (cf. section 6.3)

6.3.3 #148 - Update stableId to allow for build configuration/other details [#148]

Larry:

"number of interpretation" --> "number and interpretation"
stableId of run identified by baselineId must match stableId of current run

David: Refine as discussed. Otherwise consider this change for approval.

Discussed and approved (cf. section 6.3)

6.3.4 #134 - conversion.analysisToolLogFileLocation should be an array [#134]

Discussed and approved (cf. section 6.3)

6.3.5 #139 - Don't require codeFlowLocation.location [#139]

Larry: sometimes a location is just a message

David: Refine as discussed. Otherwise consider this change for approval.

Discussed and approved (cf. section 6.3)

6.3.6 #145 - For symmetry, define a logicalLocation object [#145]

Discussed and approved (cf. section 6.3)

6.3.7 #155 - Remove annotation object; use regions instead [#155]

Discussed and approved (cf. section 6.3)

6.3.8 #136 - Make sure result.id explicitly notes its relevance to automation/results management systems [#136]

Larry: result management system owns result.id

Discussed and approved (cf. section 6.3)

6.3.9 Rename hash.algorithm to hash.function

Discussed and approved (cf. section 6.3)

6.4 Discussions

6.4.1 Any new issues that need to be discussed

David: Discussed e-mail from last night regarding nested graphs.

Michael: Hope to have a CSD.1 draft to vote on next meeting.

7. Any Other Business

No other business

8. Resolutions and Decisions reached

8.1 Review of Decisions Reached

Nothing noted here - for decisions see in sections above.

8.2 Review of Action Items

Nothing noted here

9. Next meetings

May 16, 2018 / 09:30-11:30 PDT / 16:30-18:30 UTC
May 30, 2018 / 09:30-11:30 PDT / 16:30-18:30 UTC

10. Adjourn

The meeting was adjourned at 18:24 UTC.