OASIS Static Analysis Results Interchange Format (SARIF) TC Meeting #17 May 16, 2018

Acting chair: David

Chat transcript from room: sarif
From 2018-05-16 16:32 UTC until 18:25 UTC

1. Call to Order and Welcome

Chair: Called the meeting to order @ 16:32 UTC.

2. Roll call

All participants recorded their attendance on the OASIS meeting calendar - quorum was reached.

All participants were kindly encouraged to register themselves, to optimize the use of the shared time during the meeting, in one of two ways:
Either click the link with the text "Register my attendance" at the top of the event page or directly visit the per-event direct "record my attendance" link:
https://www.oasis-open.org/apps/org/workgroup/sarif/record_my_attendance.php?event_id=47351&confirmed=1, Thanks

Details cf. normative attendance sheet for this meeting (event_id=47351).

2.1 Participants

David Keaton      (Individual)          - Chair
Everett Maus      (Microsoft)           - Voting Member
Henny Sipma       (Kestrel Technology)  - Voting Member
Jim Kupsch        (SWAMP)               - Voting Member
Laurence Golding  (Individual)          - Voting Member
Luke Cartey       (Semmle)              - Chair
Michael Fanning   (Microsoft)           - Voting Member
Paul Brooks       (Microsoft)           - Voting Member
Stefan Hagen      (Individual)          - Secretary
Sunny Chatterjee  (Microsoft)           - Voting Member
Vamshi Basupalli  (SWAMP)               - Voting Member
Yekaterina O'Neil (Micro Focus)         - Member

3. Review Agenda

Agenda draft published at https://www.oasis-open.org/committees/download.php/63092/agenda_20180516.html - content given below to support the reader:

Agenda for May 16, 2018
MEETING OF OASIS SARIF TECHNICAL COMMITTEE
Time 09:30-11:30 PDT / 16:30-18:30 UTC
Meeting Chat Location http://webconf.soaphub.org/conf/room/sarif
Meeting Audio https://meet.lync.com/microsoft/mikefan/TKVJ7MS2

1. Opening Activities

1.1 Opening comments (Co-Chair Keaton)
1.2 Introduction of participants/roll call (Co-Chair Cartey)
1.3 Procedures for this meeting (Co-Chair Keaton)
1.4 Approval of agenda (Co-Chair Keaton)
1.5 Approval of previous minutes [Minutes of 2018-05-02 Meeting#16] (Co-Chair Keaton)
1.6 Review of action items and resolutions (Secretary Hagen)
1.7 Identification of SARIF TC voting members (Co-Chair Cartey)
1.7.1 Prospective members attending their first meeting
1.7.2 Members attaining voting rights at the end of this meeting
1.7.3 Members losing voting rights if they have not joined this meeting by the time it ends
1.7.4 Members who previously lost voting rights who are attending this meeting
1.7.5 Members who have declared a leave of absence
2. Timeline Status

2.1 Note where we are on the schedule [SARIF TC Timeline] (Co-Chair Keaton)
         - 19 open issues marked CSD.1, 3 more than noted in the last meeting's agenda
3. Future Meetings

3.1 Future meeting schedule (Co-Chair Keaton)
Scheduled teleconferences (Wednesdays at 09:30 PDT / 16:30 UTC)
May 30
Proposed teleconferences (Wednesdays at 09:30 PDT / 16:30 UTC)
June 6
June 20
June 27
4. Document Progress (Co-Editors Golding and Fanning)

4.1 Editors' report
4.2 Approval of changes
Discuss the following items individually, then vote on them together unless someone would like to separate out an issue for individual vote.
4.2.1 Problems with regions [#93]
4.2.2 Expand code flows to represent dynamic execution events [#161]
4.2.3 Specify handling of line breaks [#103]
4.2.4 Clarify treatment of backslashes and square brackets with respect to embedded links [#153]
4.2.5 Consider a download/install uri for the tool [#138]
4.2.6 Consider adding timestamp to file object [#141]
4.2.7 Add 'returnType', 'parameter' and 'local' to logical location kind [#143]
4.2.8 Roles for edited files [#160]
4.2.9 Clarify requirements on tool.semanticVersion [#157]
4.2.10 run.automationId is namespaced [#162]
4.2.11 Add result.workItemLocation [#163]
4.2.12 Id property renames [#159]
4.2.13 Define an "engineering system" conformance profile [#166]
4.2.14 Add run.description [#165]
4.3 Discussions
4.3.1 Support nested graphs [#149]
4.3.2 Introduce result.correlationId and clarify purpose of result.fingerprints array [#158]
4.3.3 Decide how to handle uncommon line break characters [#169]
4.3.4 Any other new issues that need to be discussed
5. Other Business

5.1 Sarif MIME type (Co-Chair Cartey)
6. Resolutions and Decisions reached (by 10 minutes prior to scheduled meeting end)

6.1 End debate of other issues by 10 minutes prior to scheduled meeting end and follow the agenda from this point (Co-Chair Keaton)
6.2 Review of Decisions Reached (Secretary Hagen)
6.3 Review of Action Items (Secretary Hagen)
7. Next Meeting

May 30, 2018 / 09:30-11:30 PDT / 16:30-18:30 UTC
8. Adjournment

Note: Issue URLs are constructed by appending the issue number (without the '#') to the base URL https://github.com/oasis-tcs/sarif-spec/issues/
Pull requests similarly refer to base URL https://github.com/oasis-tcs/sarif-spec/pull/ but to better distinguish from issues, they are encoded as PR#$number, where $number represents the number of the pull request.

Everett moves to approve the agenda, seconded

Laurence moves to amend the agenda so that 4.3.1 is the regions issue, seconded

No objection to amend in that way, unanimous consent, the motion to approve the agenda is amended

No further discussion, the motion to approve the agenda carries

4. Approval of previous minutes

4.1 Approval of minutes from 2018-05-02 Meeting #16

Minutes at https://www.oasis-open.org/committees/download.php/63047/sarif-minutes-20180502-meeting-16.html

Minutes approved unchanged as published

5. Future Meetings

5.1 Future meeting schedule (Teleconferences)

Scheduled teleconferences (Wednesdays at 09:30 PDT / 16:30 UTC)

May 30

Proposed teleconferences (Wednesdays at 09:30 PDT / 16:30 UTC)

June 6
June 20

Michael moves to approve the June meetings, seconded.

Yekaterina will not be able to join June 27

No further discussion, no objections, so the June 6, 20, 27 meeting dates at the usual time are approved

6. Document Progress

6.1 Editors' report

Laurence walks all through the editors' report at https://github.com/oasis-tcs/sarif-spec/blob/master/EditorsReports/Editor's%20report%202018-05-16.md

6.2 Approval of issue closure

Discuss the following items individually, then vote on them together unless someone would like to separate out an issue for individual vote.

Laurence moves to accept all the change drafts in the subsections of this section 6.2 according to the amended agenda, seconded

Changes are approved as amended

6.2.1 #161 - Expand code flows to represent dynamic execution events [#161]

Michael summarises the status of the issue/change

All discuss

Discussed and approved (cf. section 6.2)

6.2.2 #103 - Specify handling of line breaks [#103]

Michael summarises the status of the issue / changes

No discussion

Approved (cf. section 6.2)

6.2.3 #153 - Clarify treatment of backslashes and square brackets with respect to embedded links [#153]

Michael summarises the issue / changes.

No discussion

Approved (cf. section 6.2)

6.2.4 #138 - Consider a download/install uri for the tool [#138]

Stefan: Addition to 4.2.4 #153, Laurence notes that the link text = ? JSON string character ? - square bracket is a JSON string character but it has to be escaped as part of a link

Laurence: Question is how to represent this nit in the ABNF

Note: in case of approval this addition to the ABNF grammar should be included

Michael summarises the issue / changes

No discussion

Discussed and approved (cf. section 6.2)

6.2.5 #141 - Consider adding timestamp to file object [#141]

No discussion

Approved (cf. section 6.2)

6.2.6 #143 - Add 'returnType', 'parameter' and 'local' to logical location kind [#143]

Michael summarises the issue / changes

Laurence agrees that variable seems to be preferable to local variable

Note: the suggestion is to amend this change, rewording the SHALL to SHOULD for using the syntax matching the programming language for location indication (for the logicalLocation)

No further discussion

Discussed and approved (cf. section 6.2)

6.2.7 #160 - Roles for edited files [#160]

Michael summarises the issue / changes

All discuss

Note: Laurence received all required input from the discussion to rename as proposed; change requested by Jim, all agree

Discussed and approved (cf. section 6.2)

6.2.8 #157 - Clarify requirements on tool.semanticVersion [#157]

Michael and Laurence summarise the issue / change

All discuss

No further discussion

Discussed and approved (cf. section 6.2)

6.2.9 #162 - run.automationId is namespaced [#162]

Michael summarises the issue / changes

All discuss

No further discussion

Discussed and approved (cf. section 6.2)

6.2.10 #163 - Add result.workItemLocation [#163]

Michael briefly summarises the issue / changes

Laurence mentions that there are many mentions of various kinds of locations and he highlights we are still not consistent in that regard - he suggests deciding whether to standardise on one or the other or whether it makes sense to have diversity there

No further discussion

Action on editors to propose a thoughtful decision on the location addressing / naming

Discussed and approved (cf. section 6.2)

6.2.11 #159 - Id property renames [#159]

Discussed in section 6.2.12 and approved (cf. section 6.2)

6.2.12 #166 - Define an "engineering system" conformance profile [#166]

The issues discussed here (section 6.2.12) and previous section 6.2.11 share one proposal draft

Michael walks all through the draft proposal document (Laurence spots a typo: "text execution" instead of "test execution")

Laurence is not convinced of automationLogicalId (why not cut off Logical?)

Laurence: But only Id looked a bit weak on the semantics ...

Laurence is OK with it

No further discussion

Discussed and approved (cf. section 6.2)

6.2.13 #165 - Add run.description [#165]

Michael summarises the issue / changes

No discussion

Approved (cf. section 6.2)

6.3 Discussions

6.3.1 #93 - Problems with regions [#93]

Laurence summarises the issue and the change

Jim has three issues with this. 1) the non-inclusive range notion - all tools known to him have inclusive ranges (an insertion point would be noted as line plus character length zero)

All discuss

Michael mentions off-by-one errors that might be caused with inclusive ranges and also that counting lines in regions would be easier with half open intervals (non-inclusive at the end)

Jim acknowledges the usefulness of the exclusive (left open interval) but still sees the impedance mismatch with most tools he knows as a remaining problem

All note that line info is inclusive and column information is exclusive

All note that there may be some inconsistencies in the current spec revision and the perceived ending policy might differ from some parts' notion of it (inclusive / exclusive)

Jim notes his issue 2) - which seems to be already resolved as all agree that line ranges are closed

Jim notes 3) that there is no default value when the end column is absent

Action on the editors to capture these issues into a new github issue

7. Any Other Business

Jim will be on vacation for the next weeks

8. Resolutions and Decisions reached

8.1 Review of Decisions Reached

Nothing noted here - for decisions see in sections above.

8.2 Review of Action Items

  1. Action on editors to propose a thoughtful decision on the location addressing / naming
  2. Action on the editors to capture these issues into a new github issue

9. Next meeting

May 30, 2018 / 09:30-11:30 PDT / 16:30-18:30 UTC

10. Adjourn

The meeting was adjourned at 18:25 UTC.