The YAML file specifies the Source Code Analysis Integrated Framework Environment (SCAIFE) API definition beta version 0.0.2 [1,2,3], in a format that developers can easily use to view, modify, and automatically generate code from (e.g., with the Swagger-Editor and Swagger-Codegen tools ). The YAML file was almost entirely manually created by SEI developers. The only things that were auto-generated by Swagger tools within the YAML file are some of the examples.
SCAIFE is an architecture that supports static analysis alert classification and prioritization. It is designed so a wide variety of static analysis tools can integrate with the system using the API definition we are developing. We expect the API to be of interest to organizations that develop and/or research static analysis tools, static analysis alert auditing aggregators, and other static analysis alert auditing frameworks. This SCAIFE beta API definition can be referenced by developers, to help them to estimate development effort that would be required to modify their organization’s tool(s) to make and respond to SCAIFE API calls. Also, this beta API definition is being published with a goal of generating feedback from developers and organizations interested in implementing the SCAIFE API, to help improve SCAIFE API v1.0 to become more easily usable by developers for a wide variety of static analysis tools. Compared to the beta API definitions, the published SCAIFE API v1.0 definition will include implementation details, the architecture description, motivations, and a prototype system.
- Lori Flynn, Ebonie McNeil, and Aubrie Woods. "SCAIFE API Definition Beta Version 0.0.2 for Developers", whitepaper, Software Engineering Institute, June 14, 2019. https://resources.sei.cmu.edu/library/asset-view.cfm?assetID=549351
- Lori Flynn, Ebonie McNeil, and Aubrie Woods. "Integration of Automated Static Analysis Alert Classification and Prioritization with Auditing Tools: Special Focus on SCALe", technical report, Software Engineering Institure, May 13, 2019. https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=546157
- "Using Automation to Prioritize Alerts from Static Analysis Tools", Software Engineering Institute webpage on research topic, created September 2017. https://www.sei.cmu.edu/research-capabilities/all-work/display.cfm?customel_datapageid_4050=6453
- Swagger pinned repositories. GitHub Website. https://github.com/swagger-api