Java SARIF

Contains POJOs generated from the Static Analysis Results Interchange Format (SARIF) JSON schema.

It uses Jackson for serialising/deserialing from JSON.

Usage

Add as a dependency

<dependency>
  <groupId>com.contrastsecurity</groupId>
  <artifactId>java-sarif</artifactId>
  <version>2.0</version>
</dependency>

Developing with Java SARIF

All classes reside in the com.contrastsecurity.sarif package. The JSON schema used to generate them is located in src/main/resources/schema.

Building Objects

Building is provided with method chaining, e.g. for Message

import com.contrastsecurity.sarif.Message;
// ...
Message message = new Message()
    .withText("SQL Injection")
    .withMarkdown("# SQL Injection");

Public Getters & Setters are provided.

Jackson

Classes are decorated with @JsonInclude(JsonInclude.Include.NON_DEFAULT) and @JsonPropertyOrder which dictates the order from the JSON schema.

import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;
// ...
@JsonInclude(JsonInclude.Include.NON_DEFAULT)
@JsonPropertyOrder({
    "text",
    "markdown",
    "id",
    "arguments",
    "properties"
})
public class Message {
    // ...
}

---

This library uses jsonschema2pojo for generation.