sarif-tools

A set of Python command line tools for working with SARIF files produced by code analysis tools

MIT License

Downloads: 85.6K
Stars: 87
Committers: 13

sarif-tools - v3.0.2

Published by debonte about 1 month ago

Fixed

  • #55 part 2: Added executionSuccessful to copy operation output for SARIF schema compliance.

sarif-tools - v3.0.1

Published by balgillo about 1 month ago

Fixed

  • #58 Fixed regression that broke sarif diff command in v3.0.0.

sarif-tools - v3.0.0

Published by balgillo about 1 month ago

Breaking Changes

  • Changed Python API to use new IssueReport type for issue grouping and sorting:
    • SarifFileSet now has a get_report() method
    • s.get_result_count_by_severity() replaced by
      s.get_report().get_issue_type_histogram_for_severity(severity)
    • s.get_result_count_by_severity() replaced by
      s.get_report().get_issue_count_for_severity(severity)
    • s.get_records_grouped_by_severity() replaced by
      s.get_report().get_issues_for_severity(severity)

Added

  • Support "none" severity level. It's only included in the output if present in the input.

Fixed

  • #39 Truncate long summaries.
  • Made issue sorting and grouping more consistent across the various reports.
  • Multiple occurrences of a single issue are now sorted by location in the Word report.
  • Improved debug and version reporting for when multiple versions are installed.
  • For the copy operation, "invocation" in the resulting SARIF is changed to an object to match the spec.
  • #53 Fix the blame command for file:/// URL locations.

Compatibility

  • Python 3.8+

sarif-tools - v2.0.0 Latest Release

Published by balgillo 12 months ago

Breaking Changes

  • "Code" and "Description" are now separate columns in the CSV output, whereas before they were
    combined in the "Code" column. They are also separate keys in the "record" format if calling
    sarif-tools from Python.
  • --blame-filter argument has been replaced with --filter, using a new YAML-based format for
    more general filtering to replace the previous ad hoc text format which only supported blame.
    • There is a new upgrade-filter command to upgrade your old blame filter files to the new
      format.
    • Thanks to @abyss638 for contributing this enhancement!

Added

  • New codeclimate command to generate output for GitLab use.
    • Thanks to @abyss638 for contributing this enhancement!
  • New emacs command to generate output for the popular Linux text editor.
    • Thanks to @dkloper for contributing this enhancement!
  • #14 Support recursive glob
    • Thanks to @bushelofsilicon for contributing this enhancement!

Changed

  • When an input SARIF file contains blame information, the csv command output now has a column
    for Author.
  • #18 The diff command now prints up to three locations of new occurrences of issues (all are
    listed in the file output mode).

Fixed

  • #4 and #19 docs improvements.
  • #12 allow zero locations for record.
  • #15 allow text to be absent in message object.
  • #20 allow UTF8 with BOM (`utf-8-sig` encoding)
    • Thanks to @ManuelBerrueta for contributing this fix!

Compatibility

  • Python 3.8+

sarif-tools - v1.0.0

Published by balgillo over 2 years ago

Changed

  • Development, build and release are now based on python-poetry.
  • No change to functionality since v0.3.0.

Compatibility

  • Python 3.8+

sarif-tools - v0.3.0

Published by Rubgish almost 3 years ago

Added

  • Support for globs in Windows, e.g. sarif summary android*.sarif
  • info and copy commands

Compatibility

  • Python 3.8+

sarif-tools - v0.2.0

Published by abyss638 almost 3 years ago

0.2.0 - 2022-01-07

Added

  • --blame-filter argument.

Changed

  • Compatible with Python v3.8. Previously, Python v3.9 was required.

Compatibility

  • Python 3.8+

sarif-tools - v0.1.0

Published by balgillo almost 3 years ago

The first release of sarif-tools. We hope this tool will be useful to people working with software scanning and static analysis tools.

sarif-tools was originally developed during the Microsoft Global Hackathon 2021 by Simon Abykov, Nick Brabbs, Anthony Hayward, Sivaji Kondapalli, Matt Parkes and Kathryn Pentland. This first release is a tidied-up version of the final code from the Hackathon project.