OASIS Static Analysis Results Interchange Format (SARIF) TC Meeting #29 December 12, 2018

Acting chair: David

Chat transcript from room: sarif
From 2018-12-12 17:30 UTC until 19:30 UTC (planned)

1. Call to Order and Welcome

Chair: Called the meeting to order.

2. Roll call

All participants recorded their attendance on the OASIS meeting calendar - quorum was reached.

All participants were kindly encouraged to register their own attendance, to optimize the use of the shared time during the meeting, in one of two ways: either click the link with the text "Register my attendance" at the top of the event page, or directly visit the per-event "record my attendance" link:
https://www.oasis-open.org/apps/org/workgroup/sarif/record_my_attendance.php?event_id=47833&confirmed=1, Thanks

Details cf. normative attendance sheet for this meeting (event_id=47833).

2.1 Participants

Chris Meyer       (Microsoft)               - Member
David Keaton      (Individual)              - Chair
Henny Sipma       (Kestrel Technology)      - Voting Member
Jim Kupsch        (SWAMP)                   - Voting Member
Laurence Golding  (Microsoft)               - Voting Member
Luke Cartey       (Semmle)                  - Chair
Michael Fanning   (Microsoft)               - Voting Member
Stefan Hagen      (Individual)              - Secretary
Yekaterina O'Neil (Micro Focus)             - Voting Member

3. Review Agenda

Agenda draft published at https://www.oasis-open.org/committees/download.php/64414/agenda_20181212.html - content given below to support the reader:

Agenda for December 12, 2018
MEETING OF OASIS SARIF TECHNICAL COMMITTEE
Time 09:30-11:30 PST / 17:30-19:30 UTC
Meeting Chat Location http://webconf.soaphub.org/conf/room/sarif
Meeting Audio and Screen Sharing https://meet.lync.com/microsoft/mikefan/1Y6R699C
1. Opening Activities

1.1 Opening comments (Co-Chair Keaton)
1.2 Introduction of participants/roll call (Co-Chair Cartey)
1.3 Procedures for this meeting (Co-Chair Keaton)
1.4 Approval of agenda (Co-Chair Keaton)
1.5 Approval of previous minutes [Minutes of 2018-11-28 Meeting#28] (Co-Chair Keaton)
1.6 Review of action items and resolutions (Secretary Hagen)
1.7 Identification of SARIF TC voting members (Co-Chair Cartey)
1.7.1 Prospective members attending their first meeting
1.7.2 Members attaining voting rights at the end of this meeting
1.7.3 Members losing voting rights if they have not joined this meeting by the time it ends
1.7.4 Members who previously lost voting rights who are attending this meeting
1.7.5 Members who have declared a leave of absence
2. Timeline Status

2.1 Note where we are on the schedule [SARIF TC Timeline] (Co-Chair Keaton)
         - Working on CSD 2, with 36 open issues, 15 fewer than previous agenda snapshot
3. Future Meetings

3.1 Future meeting schedule (Co-Chair Keaton)
Scheduled teleconferences (Wednesdays at 09:30 PST / 17:30 UTC for two hours)
January 9
Face-to-face meeting
January 24-25, Sunnyvale, hosted by Micro Focus [Logistical information]
4. Call for new officer (Co-Chair Keaton)

Because Stefan Hagen has announced his departure at the end of December, we need a volunteer for a new secretary. If someone volunteers now, they can consult with Stefan before he departs.
5. Document Progress (Co-Editors Golding and Fanning)

5.1 Editors' report
5.2 Approval of changes
Location of change drafts:
https://github.com/oasis-tcs/sarif-spec/tree/master/Documents/ChangeDrafts/Active
Discuss the following items individually, then vote on them together unless someone would like to separate out an issue for individual vote.
5.2.1 Version control details not strongly associated with results [#248]
5.2.2 Add rule.deprecatedIds [#293]
5.2.3 Define default for resultProvenance.lastDetectionTimeUtc [#287]
5.2.4 Specify optional property file.sourceLanguage to guide in syntax-driven colorization of snippets [#286]
5.2.5 Specify a default for result.rank [#292]
5.2.6 Move conversionProvenance under result.provenance [#297]
5.2.7 Suggestion: platform specific data to indicate file path case sensitivity [#209]
5.2.8 "index" properties should be required [#298]
5.2.9 Schema needs to be carefully scrubbed for minItems and uniqueItems use for all arrays [#270]
5.3 Discussions
5.3.1 Review issue cut list
5.3.2 Consider: 'review' or 'audit' result level. and reconsider 'note' [#215]
5.3.3 Add result.useful and result.suppressionReasons [#268]
5.3.4 Any other document items that need to be discussed
6. Other Business

7. Resolutions and Decisions reached (by 10 minutes prior to scheduled meeting end)

7.1 End debate of other issues by 10 minutes prior to scheduled meeting end and follow the agenda from this point (Co-Chair Keaton)
7.2 Review of Decisions Reached (Secretary Hagen)
7.3 Review of Action Items (Secretary Hagen)
8. Next Meeting

January 9, 2018 / 09:30-11:30 PST / 17:30-19:30 UTC
9. Adjournment

Note: Issue URLs are constructed by appending the issue number (without the '#') to the base URL https://github.com/oasis-tcs/sarif-spec/issues/
Pull requests similarly refer to base URL https://github.com/oasis-tcs/sarif-spec/pull/ but to better distinguish from issues, they are encoded as PR#$number, where $number represents the number of the pull request.

David: Agenda APPROVED

4. Approval of previous minutes

4.1 Approval of minutes from 2018-11-28 Meeting #28

Minutes at https://www.oasis-open.org/committees/download.php/64345/sarif-minutes-20181128-meeting-28.html

Minutes approved unchanged as published

5. Call for new officer

David: Chris Meyer volunteered as the new secretary. Thank you!

Stefan: Update after the meeting: role of Chris Meyer promoted from member to secretary on roster.

6. Document Progress

6.1 Editor's report

Michael and Laurence walked through the editors' report at https://github.com/oasis-tcs/sarif-spec/blob/master/EditorsReports/Editor's report 2018-12-12.md

Nothing noted.

6.2 Approval of Changes

Location of change drafts: https://github.com/oasis-tcs/sarif-spec/tree/master/Documents/ChangeDrafts/Active

Discussed the following items individually, then voted on them together, unless someone wished to separate out an issue for individual vote.

David: My understanding of the changes we need to approve:

5.2.1-5.2.3, 5.2.5-5.2.6, 5.2.9
That is, #248, #293, #287, #292, #297, #270

Michael: the motion is to approve all of these without change

David: APPROVED

6.2.1 #248 - Version control details not strongly associated with results [#248]

David: https://github.com/oasis-tcs/sarif-spec/blob/master/Documents/ChangeDrafts/Active/sarif-v2.0-issue-248-versionControlProvenance-file-mapping.docx

6.2.2 #293 - Add rule.deprecatedIds [#293]

David: https://github.com/oasis-tcs/sarif-spec/blob/master/Documents/ChangeDrafts/Active/sarif-v2.0-issue-293-rule.deprecatedIds.docx

6.2.3 #287 - Define default for resultProvenance.lastDetectionTimeUtc [#287]

David: https://github.com/oasis-tcs/sarif-spec/blob/master/Documents/ChangeDrafts/Active/sarif-v2.0-issue-287-lastDetectionTimeUtc-default-min-invocation-start-time.docx

6.2.4 #286 - Specify optional property file.sourceLanguage to guide in syntax-driven colorization of snippets [#286]

David: https://github.com/oasis-tcs/sarif-spec/blob/master/Documents/ChangeDrafts/Active/sarif-v2.0-issue-286-source-language.docx

David:

It was noted that many other languages could be specified.  However, this would significantly lengthen the document.
Those involved will continue to think about that.
For tools that aim at particular languages, they should be permissive among the possibilities, e.g. support both "c++" and "cpp".

David: We will not propose to accept this change at this time.

Larry:

Another open issue is where the sourceLanguage property should live. 
In the change draft, it’s on the file object. 
Yekaterina raised concern about multi-language files, such as HTML hosting JavaScript.
Michael wants to put sourceLanguage on the region object. 
Larry thinks that’s fine, but also wants it on file object, so that in the common case of a single language file, 
you only have to specify it once per file rather than once per snippet region. 
Michael pushes back that we already have file.mimeType; what’s the relation of that to sourceLanguage?

6.2.5 #292 - Specify a default for result.rank [#292]

David: https://github.com/oasis-tcs/sarif-spec/blob/master/Documents/ChangeDrafts/Active/sarif-v2.0-issue-292-rank-default-0.docx

6.2.6 #297 - Move conversionProvenance under result.provenance [#297]

David: https://github.com/oasis-tcs/sarif-spec/blob/master/Documents/ChangeDrafts/Active/sarif-v2.0-issue-297-provenance-refactor.docx

6.2.7 #209 - Suggestion: platform specific data to indicate file path case sensitivity [#209]

David: We are not ready to discuss this.

Michael: we are pulling #209 from discussion due to open concerns

6.2.8 #298 - "index" properties should be required [#298]

David: We are not ready to discuss this.

6.2.9 #270 - Schema needs to be carefully scrubbed for minItems and uniqueItems use for all arrays [#270]

David: https://github.com/oasis-tcs/sarif-spec/blob/master/Documents/ChangeDrafts/Active/sarif-v2.0-issue-270-array-scrub.docx

6.3 Discussions

6.3.1 Review issue cut list

David: https://github.com/oasis-tcs/sarif-spec/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Apropose-to-close

Jim: Would like to have #44 https://github.com/oasis-tcs/sarif-spec/issues/44

7. Next meeting

January 9, 2018 / 09:30-11:30 PST / 17:30-19:30 UTC

8. Any Other Business and Adjourn

No other business. Adjourned.