The Wayback Machine - https://web.archive.org/web/20200614073209/https://github.com/microsoft/sarif-sdk
Skip to content

/ sarif-sdk

.NET code and supporting files for working with the 'Static Analysis Results Interchange Format' (SARIF, see https://github.com/oasis-tcs/sarif-spec)
C# C PowerShell JavaScript C++ Batchfile Other
  1. C# 81.5%
  2. C 16.5%
  3. PowerShell 0.7%
  4. JavaScript 0.6%
  5. C++ 0.4%
  6. Batchfile 0.2%
  7. Other 0.1%
Branch: master
Find file
Clone or download

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Open in Desktop Download ZIP

Latest commit

@eddynaka
eddynaka Improving GitHub issue creation (#1912)
Latest commit 196252e Jun 12, 2020

Files

Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.nuget Bring NuGet publishing up to Microsoft requirements. (#1242) Jan 29, 2019
appveyor Change output format for sarif file no BOM Aug 4, 2016
docs Adding lost documentation from the Wiki and updating some how-to steps ( Feb 6, 2020
npm Fully expand require package.json. (#1751) Feb 17, 2020
refs More code clean-up. Add simple GitHub integration via Octokit. (#1746) Feb 7, 2020
scripts Update CPU count in our dotnet build script to be single threaded. Th… May 5, 2020
src Improving GitHub issue creation (#1912) Jun 12, 2020
.gitattributes Preliminary content. Data model, core library, and unit tests build. … Nov 18, 2015
.gitignore Initial logging framework for WorkItems (#1820) Mar 24, 2020
BeforeBuild.sh Fix #631, #651, #658: Schema changes and build fixes (#660) Oct 30, 2017
BuildAndTest.cmd Merge sarif-v2 into master (#964) Jul 24, 2018
BuildPackagesFromLayoutDirectory.cmd Create a more efficient Semmle build. (#1750) Feb 11, 2020
DelistCurrentPackages.cmd csd1.0.1 RTM (#1030) Aug 20, 2018
LICENSE Add license Nov 18, 2015
NuGet.Config Update schema and tests to SARIF TC#25 conclusions, 2.0.0-csd.2.beta.… Oct 18, 2018
PublishSignedPackages.cmd Update version & CommandLineParser package ref Jan 16, 2018
README.md Update the readme to test the new CodeQL integration. (#1806) Mar 8, 2020
RunTests.cmd Create a more efficient Semmle build. (#1750) Feb 11, 2020
ado-build.yml Update build YML for ADO PR-integratedf pipeline (#1819) Mar 19, 2020
appveyor.yml NPM Build Enable (#1741) Feb 5, 2020
azure-pipelines.yml Test Multi-Repository Pipeline (#1859) Apr 22, 2020
dotnet-install.ps1 NET Core Port (#624) Oct 5, 2017
lgtm.yml Restore LGTM Code QL analysis (#1805) Mar 7, 2020
triskelion.png 2.0 alpha package release (#996) Aug 8, 2018

README.md

sarif-sdk

The SARIF SDK contains .NET code and supporting files for working with the Static Analysis Results Interchange Format (SARIF). For more information about SARIF, see the SARIF Home Page. You can read the SARIF specification, or file issues in the SARIF GitHub repo.

Getting started

To add the SARIF SDK to your project, install the Sarif.Sdk NuGet package. Sarif.Sdk depends on Newtonsoft.Json, which is installed automatically when you install Sarif.Sdk.

The types in the SARIF SDK are in the Microsoft.CodeAnalysis.Sarif namespace.

The SARIF SDK provides a set of classes which represent the elements of the SARIF format. We refer to this as the "SARIF object model". The root type that represents a SARIF log file is SarifLog. Other types in the SARIF object model are Result, PhysicalLocation, etc..

Note: The SARIF SDK's build process automatically generates the SARIF object model classes from the SARIF JSON schema, which you can find at src/Sarif/Schemata/sarif-schema.json. Although these files do exist in the repo (under src/Sarif/Autogenerated), you should never edit them by hand.

In addition to the object model, the SARIF SDK provides a set of helper classes to facilitate using Newtonsoft.Json to read and write SARIF log files.

Building the SDK

If you want to build the SDK from source, rather than consuming the NuGet package, proceed as follows:

  1. Install .NET Core SDK 2.1 from https://www.microsoft.com/net/download/core

  2. Ensure that Visual Studio 2019 is installed on your machine.

    You can build in VS 2017 as well.

  3. Ensure that your Visual Studio installation includes the components that support

    • C# development

  4. Open a Visual Studio 2019 Developer Command Prompt Window.

  5. From the root directory of your local repo, run the command BuildAndTest.cmd. This restores all necessary NuGet packages, builds the SDK, and runs all the tests.

    All build output appears in the bld\ subdirectory of the repo root directory.

    NOTE: You must run BuildAndTest.cmd once before attempting to build in Visual Studio, to ensure that all required NuGet packages are available.

  6. After you have run BuildAndTest.cmd once, you can open any of the solution files in the src\ directory in Visual Studio 2017, and build them by running Rebuild Solution.

Accomplishing common tasks

To learn how to accomplish common tasks with the SARIF SDK, such as reading and writing files from disk, see the How To page.

Code of conduct

This project has adopted the Microsoft Open Source Code of Conduct. For more information, see the Code of Conduct FAQ, or contact opencode@microsoft.com with any additional questions or comments.

You can’t perform that action at this time.