hohn/sarif-cli
1
0
Fork 0
mirror of https://github.com/hohn/sarif-cli.git synced 2025-12-16 17:23:03 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add 'SARIF and Signatures' section

Browse Source
This commit is contained in:
Michael Hohn
2023-12-06 14:09:51 -08:00
committed by =Michael Hohn
parent 68ce4ab5aa
commit 95a6aaed6a
1 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
notes/README.org
View File

@@ -296,6 +296,24 @@ Name: automationDetails, dtype: object
And repeat [[*Run using embedded repls][Run using embedded repls]], then And repeat [[*Run using embedded repls][Run using embedded repls]], then
[[*Check if =automationDetails= or its value is in output][Check if =automationDetails= or its value is in output]] [[*Check if =automationDetails= or its value is in output][Check if =automationDetails= or its value is in output]]
* SARIF and Signatures
signature here is e.g., struct_graph_LGTM in ./sarif_cli/signature_single.py
The signatures are those produced by codeql in the past. They are not meant to
be updated frequently; they arose and are used as follows.
1. The SARIF standard is quite loose, with many optional fields.
2. For producing CSV tabular output (and for internal table processing), the
sarif-cli tool needed an exact signature. Using existing SARIF files was a
straightforward way to get a signature.
3. When a SARIF file contains extra keys, a warning is issued but processing
continues.
4. When a sarif file is missing an entry thats in the signature, a fatal error
is issued.
The only time you need to update the signature is when you get fatal errors —
there will be a detailed message about expected vs. found fields.
* Footnotes * Footnotes
#+HTML: </div> #+HTML: </div>