OASIS Static Analysis Results Interchange Format (SARIF) TC

Join TC     TC Page     Send a comment to this TC

Defining a standard output format for static analysis tools

David Keaton, dmk@dmk.com, Chair
Luke Cartey, Chair
Stefan Hagen, stefan@hagen.link, Secretary

Table of Contents


See press release: Industry leaders collaborate to define SARIF interoperability standard for detecting software defects and vulnerabilities: Common data format for static analysis tools is being advanced by CA Technologies, Cryptsoft, FireEye, GrammaTech, Hewlett Packard Enterprise (HPE), Micro Focus, Microsoft, New Context, Phantom, RIPS, SWAMP, Synopsys, U.S. DHS, U.S. NIST, and others; 12 Oct 2017.

The first meeting of the OASIS SARIF Technical Committee was held via teleconference on September 06, 2017. David Keaton (Individual) and Luke Cartey (Semmle) were elected TC Co-Chairs.

Participation in the OASIS SARIF TC is open to all interested parties. Contact join@oasis-open.org for more information.


The SARIF TC is chartered to define a standard output format for static analysis tools that will make it feasible for developers and teams to view, understand, interact with, and manage the results produced by all the tools that they use. The standardized output format will support aggregation of the results of a variety of static analysis tools. The design goal is to comprehensively capture the range of data produced by commonly used static analysis tools, and to capture information useful for assessing a project's compliance with corporate policy or conformance to certification standards.

For more information on the SARIF TC, see the TC Charter.


No subcommittees have been formed for this TC.

TC Liaisons

No TC Liaisons have been announced for this TC.

TC Tools and Approved Publications