From 7bade5bda94feedddeb1ebc444ae044d807bfeb2 Mon Sep 17 00:00:00 2001 From: Michael Hohn Date: Wed, 21 Jun 2023 19:27:09 -0700 Subject: [PATCH] Comparing analysis results across sarif files --- doc/readme.in | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/doc/readme.in b/doc/readme.in index 510122f..697e1d6 100644 --- a/doc/readme.in +++ b/doc/readme.in @@ -923,9 +923,16 @@ git checkout 203343df Use the [[*SARIF viewer plugin][SARIF viewer plugin]] for detailed review and working with the results / queries. Use the [[*sarif-cli][sarif-cli]] for quick command-line comparison. -*** Expand query -** Compare results. -*** sarif-cli using compiler-style dump +** Comparing analysis results across sarif files + Use the [[*sarif-cli][sarif-cli]]. + + Options: + - use =sarif-results-summary= on each sarif result file individually, then + compare the resulting text files via =diff=-style tools + - (powerful, but effort required) if your version of CodeQL is compatible, use + =sarif-extract-scans-runner= to put all results into an SQL database and use + that to query the results. + ** Miscellany - Scale factor for building DBs: Common case: 15 minutes for a parallel cpp compilation can be a 2 hour database build for codeql.
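Review bot: In the added "Options:" list, the second item says "if your version of CodeQL is compatible" without saying what it must be compatible with or how a reader can check; state the constraint, or link to where sarif-cli documents it, so the reader knows before spending the effort the item itself warns about. The new section's opening line "Use the [[*sarif-cli][sarif-cli]]." repeats the unchanged context line directly above the heading ("Use the [[*sarif-cli][sarif-cli]] for quick command-line comparison."), so one of the two could be dropped or merged. The new heading writes "sarif files" while the surrounding text uses "SARIF"; "SARIF files" would be consistent. The first item would also be easier to follow with a short example block showing =sarif-results-summary= run on two result files and the =diff= step, in the same style as the other command examples in this readme.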