OASIS Static Analysis Results Interchange Format (SARIF) TC

Join TC     TC Page     Send a comment to this TC

Defining a standard output format for static analysis tools

David Keaton, dmk@dmk.com, Chair
Luke Cartey, luke@semmle.com, Chair
Stefan Hagen, stefan@hagen.link, Secretary

Table of Contents


Announcements

View recording of SARIF briefing for prospective members, held 21 Sept 2018.

OASIS Awards 2018 Open Standards Cup to KMIP for Key Management Security and SARIF for Static Analysis Tools; 20 Aug 2018

Participation in the OASIS SARIF TC is open to all interested parties. SARIF TC members include major software companies, cybersecurity providers, government agencies, security orchestration specialists, programmers, and consultants. Contact join@oasis-open.org for more information.


Overview

SARIF TC members are developing an interoperability standard for detecting software defects and vulnerabilities. The goal is to define a common output format for static analysis tools that will make it feasible for developers and teams to view, understand, interact with, and manage the results produced by all their tools.

SARIF represents a leap forward in the usability of static analysis tools. Many organizations in the safety and security communities use several competing tools on their code. SARIF will allow them to combine and compare the results more easily to gain a sharper picture of the issues in their code that need to be addressed. Engineering teams will be able to easily access a broad range of potential defects and vulnerabilities in compliance with privacy and accessibility standards. SARIF will support the development of products whose code spans languages and operating systems.

For more information, see the SARIF TC Charter.


TC Tools and Approved Publications


Mailing Lists and Comments

sarif: the discussion list used by TC members to conduct Committee work. TC membership is required to post, and TC members are automatically subscribed. The public may view the OASIS list archives.

sarif-comment: a public mailing list for providing feedback on the technical work of the OASIS SARIF TC. Send a comment or view the OASIS comment list archives.


Press Coverage and Commentary


Additional Information


Providing Feedback: OASIS welcomes feedback on its technical activities from potential users, developers, and others to better assure the interoperability and quality of OASIS work.