Rename run.files to run.artifacts, fileLocation to artifactLocation #309
Comments
TC approves the change.
E-BALLOT PROPOSAL

To encourage the use of SARIF by tools that analyze artifacts that do not exist as files on disk (for example, tools that analyze the responses to web requests), use the term "artifact" in preference to "file" except when a format item really does refer to a file on disk.

SCHEMA CHANGES
This draft contains all the changes through "e-ballot #2," which opened on Friday March 15 and will close on Friday March 22. It contains changes for ballot issues #168, #291, #309, #320, #321, #326, #335, and #341, as well as for previously approved issue #340. It does _not_ contain changes for any issues from "e-ballot #3," which will open on Friday March 22 and close on Friday March 29.
Approved in e-ballot #2.
This updates the SARIF exporter to produce SARIF 2.1 output. The bulk of the diffs come from two changes to SARIF:
* oasis-tcs/sarif-spec#309
* oasis-tcs/sarif-spec#179

Differential Revision: https://reviews.llvm.org/D65211
llvm-svn: 370068

This updates the SARIF exporter to produce SARIF 2.1 output. The bulk of the diffs come from two changes to SARIF:
* oasis-tcs/sarif-spec#309
* oasis-tcs/sarif-spec#179

Differential Revision: https://reviews.llvm.org/D65211
git-svn-id: http://llvm.org/svn/llvm-project/cfe/trunk@370068 91177308-0d34-0410-b5e6-96231b3b80d8
I am working with an internal team at MS that is utilizing SARIF for a set of services that provide scanning and scan results. This system operates exclusively against streams, there is nothing in the way of a file system that's involved.
SARIF is used as a kind of message envelope in this system: the team populates it with various SARIF values that the automation system knows about, such as correlation guids, instance ids, etc. The files table is used to specify scan stream targets. In some cases, these streams are downloaded. In other cases, the URIs are provided simply to use as identifiers in results (the request itself contains the scan streams to analyze).
Feedback from this team is that it is strange to constantly populate run.files and fileLocation instances for this scenario. Their suggestion was to make this more general, such as using 'artifact' as an alternate term.
I think we do aspire to have a format that works well in a services environment (this is a primary reason we chose JSON as a format). I'd be fine with this change.
@lgolding