Add SARIF output format #186
Comments
Here is a preview of what it will look like! Suppose we analyse PHPLint source code with command And if we add the

```json
{
  "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
  "version": "2.1.0",
  "runs": [
    {
      "tool": {
        "driver": {
          "name": "PHPLint",
          "version": "9.1.0",
          "informationUri": "https://github.com/overtrue/phplint"
        }
      },
      "originalUriBaseIds": {
        "WORKINGDIR": {
          "uri": "file:///shared/backups/github/phplint/"
        }
      },
      "results": [
        {
          "message": {
            "text": "unexpected end of file in line 4"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "tests/fixtures/syntax_error.php",
                  "uriBaseId": "WORKINGDIR"
                },
                "region": {
                  "startLine": 4
                }
              }
            }
          ]
        },
        {
          "message": {
            "text": "False can not be used as a standalone type in line 12"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "tests/fixtures/php-8.2_syntax.php",
                  "uriBaseId": "WORKINGDIR"
                },
                "region": {
                  "startLine": 12
                }
              }
            }
          ]
        }
      ]
    }
  ]
}
```

It's not yet completed, but a nice beginning, isn't it?
Finally, this feature will be re-integrated into the next version, 9.2.0. It will come shortly now!

The solution is based on new version 1.2.0

Available now: https://github.com/overtrue/phplint/releases/tag/9.2.0

NB: By default the SARIF report is (like the native PHP json_encode function) unprettified (not human-readable).
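Reading the report from a script, as an added example that is not part of this thread or of PHPLint: it parses the single-line report and resolves each `artifactLocation.uri` against the run's `originalUriBaseIds`. The `SAMPLE` string is constructed from the preview above, and the names `findings` and `_result` are hypothetical.

```python
import json
from urllib.parse import urljoin

def _result(text, uri, line):
    # Helper that builds one SARIF result object for the constructed sample.
    return {"message": {"text": text}, "locations": [{"physicalLocation": {
        "artifactLocation": {"uri": uri, "uriBaseId": "WORKINGDIR"},
        "region": {"startLine": line}}}]}

# Constructed sample: the preview above, serialized on one line the way the
# NB says the report is written by default.
SAMPLE = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "PHPLint", "version": "9.1.0"}},
    "originalUriBaseIds": {
        "WORKINGDIR": {"uri": "file:///shared/backups/github/phplint/"}},
    "results": [
        _result("unexpected end of file in line 4",
                "tests/fixtures/syntax_error.php", 4),
        _result("False can not be used as a standalone type in line 12",
                "tests/fixtures/php-8.2_syntax.php", 12)]}]},
    separators=(",", ":"))

def findings(sarif_text):
    """Return (tool, resolved_uri, start_line, message) for every location."""
    report = json.loads(sarif_text)
    if report.get("version") != "2.1.0":
        raise ValueError("expected a SARIF 2.1.0 log")
    found = []
    for run in report.get("runs", []):
        tool = run["tool"]["driver"]["name"]
        bases = run.get("originalUriBaseIds", {})
        for result in run.get("results", []):
            message = result["message"]["text"]
            for location in result.get("locations", []):
                physical = location.get("physicalLocation", {})
                artifact = physical.get("artifactLocation", {})
                # A relative uri is resolved against the base named by uriBaseId;
                # without a known base it is kept as written.
                base = bases.get(artifact.get("uriBaseId"), {}).get("uri", "")
                uri = urljoin(base, artifact.get("uri", ""))
                line = physical.get("region", {}).get("startLine")
                found.append((tool, uri, line, message))
    return found

if __name__ == "__main__":
    for tool, uri, line, message in findings(SAMPLE):
        print(f"{tool}: {uri}:{line}: {message}")
```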
New Feature
Summary
SARIF (Static Analysis Results Interchange Format) is an OASIS Standard that defines an output file format.
Description
The SARIF standard is used to streamline how static analysis tools share their results by implementing a subset of the SARIF 2.1.0 JSON schema.
It would be cool to have such an output format in PHPLint.
Other Static Tool Analysers like
bartlett/sarif-php-sdk
Because I didn't find any PHP library that supports the SARIF v2 specifications, I've published a PHP SDK as a new bartlett/sarif-php-sdk package, already available on Packagist, that implements the full v2.1.0 specifications.
There are many examples of all SARIF objects on my GitHub project page, which make it easy to include in any other PHP Static Tool Analyser.