feat: Add SARIF support for easier integration with SAST/SCA tools #564 #566
This Python script is designed to parse SARIF (Static Analysis Results Interchange Format) files. Here’s a step-by-step summary of what the code does:
The parse_sarif function is defined to take a file path as an argument.
The function opens the file in read mode and loads the JSON data.
It extracts the SARIF version (if available) for reference.
It then extracts the ‘runs’ from the data. If no ‘runs’ are found, it returns an empty list.
For each ‘run’, it extracts the ‘results’.
It initializes an empty list, parsed_results, to store the parsed results.
For each ‘result’ in ‘results’, it extracts the ‘ruleId’, ‘message’, and ‘location’ (if available).
It appends each extracted result as a dictionary to parsed_results.
Finally, it returns a dictionary containing the SARIF version and the parsed results.
The example usage at the end of the script demonstrates how to use this function with a SARIF file path, and prints out the parsed data.
This script is useful for projects that need to analyze static analysis results from different tools in a standardized way, as SARIF is a widely adopted standard for representing such results. However, please note that this is a basic implementation and might need to be adapted based on your specific needs and the structure of your SARIF files.
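The steps listed above (load the JSON, read `version`, walk `runs`, then `results`, pull out `ruleId`, `message` and the first location) map directly onto the SARIF 2.1.0 object layout. The following is an added example written for this review, not the script from the PR, showing one way to implement that walk so that it also resolves the optional `level` (falling back to the rule's `defaultConfiguration`, then to the spec default `warning`) and tolerates results with no `locations`. The SARIF document embedded in it is constructed for the example and does not come from any real tool run; the tool name `example-sast` and rule `EX001` are made up.

```python
"""Flatten a SARIF 2.1.0 log into one dict per finding (added example)."""
from __future__ import annotations

import json

# Constructed sample SARIF document (not a real scanner's output):
# one run, one rule, one result with a location and one without.
SAMPLE_SARIF = r'''
{
  "version": "2.1.0",
  "runs": [
    {
      "tool": {
        "driver": {
          "name": "example-sast",
          "rules": [
            {
              "id": "EX001",
              "shortDescription": {"text": "Hard-coded credential"},
              "defaultConfiguration": {"level": "error"}
            }
          ]
        }
      },
      "results": [
        {
          "ruleId": "EX001",
          "level": "error",
          "message": {"text": "Hard-coded password assigned to 'db_pass'"},
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {"uri": "src/config.py"},
                "region": {"startLine": 12, "startColumn": 5}
              }
            }
          ]
        },
        {
          "ruleId": "EX001",
          "message": {"text": "Hard-coded token assigned to 'api_key'"},
          "locations": []
        }
      ]
    }
  ]
}
'''


def _rule_index(run: dict) -> dict[str, dict]:
    """Map ruleId -> rule object from tool.driver.rules (the array is optional)."""
    rules = run.get("tool", {}).get("driver", {}).get("rules") or []
    return {r["id"]: r for r in rules if isinstance(r, dict) and "id" in r}


def _first_location(result: dict) -> tuple[str | None, int | None]:
    """Return (uri, startLine) of the first physicalLocation, or (None, None)."""
    for loc in result.get("locations") or []:
        phys = loc.get("physicalLocation", {})
        uri = phys.get("artifactLocation", {}).get("uri")
        if uri is not None:
            return uri, phys.get("region", {}).get("startLine")
    return None, None


def parse_sarif_text(text: str) -> dict:
    """Parse SARIF JSON text into {"version": ..., "findings": [...]}."""
    data = json.loads(text)
    findings = []
    for run in data.get("runs") or []:          # no runs -> empty findings list
        tool = run.get("tool", {}).get("driver", {}).get("name", "unknown")
        rules = _rule_index(run)
        for result in run.get("results") or []:
            rule_id = result.get("ruleId")
            rule = rules.get(rule_id, {})
            # 'level' is optional on a result; SARIF says to fall back to the
            # rule's defaultConfiguration.level, and then to "warning".
            level = result.get("level") or rule.get(
                "defaultConfiguration", {}).get("level", "warning")
            uri, line = _first_location(result)
            findings.append({
                "tool": tool,
                "ruleId": rule_id,
                "ruleName": rule.get("shortDescription", {}).get("text"),
                "level": level,
                "message": result.get("message", {}).get("text", ""),
                "uri": uri,
                "startLine": line,
            })
    return {"version": data.get("version"), "findings": findings}


def parse_sarif(path: str) -> dict:
    """Read a SARIF file from disk and parse it."""
    with open(path, "r", encoding="utf-8") as f:
        return parse_sarif_text(f.read())


if __name__ == "__main__":
    import pprint
    pprint.pprint(parse_sarif_text(SAMPLE_SARIF))
```

Two things this still does not cover, which a consumer of multi-tool SARIF will hit: a result may carry `message.id` instead of `message.text` (the string then lives in the rule's `messageStrings` and is formatted with `message.arguments`), and a result can have several `locations` or `relatedLocations`; only the first physical location is taken here.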