output to json

[smijolovic]

Been using the tooling for years....this is a must have in our code electron microscope ;)

Any suggestions to output to JSON?

[lyndon160]

I've just looked for this too.

If the author is interested, I'm happy to make a PR supporting this feature.

[david-a-wheeler]

The current thinking is that we'll generate SARIF, an OASIS standard, as described in #33. SARIF uses JSON. So we'd kill two birds with one stone.

Some other folks are working on generating SARIF, but there were some prep steps first. I'm hoping that they do all the hard lifting & then I just merge it :-).

[david-a-wheeler]

The SARIF support has been merged. Once this new version has been released, you'll get your JSON!!

[david-a-wheeler]

Version 2.0.16 has been released with SARIF support, use --sarif to generate it. That's a specific JSON format.

So I'm closing this.

[smijolovic]

Fantastic!

Keep up the great work making this valuable tool better and more adaptable for SAST inclusion.

[david-a-wheeler]

Gladly! I'll note that I also made a few improvements to the documentation to help people integrate the tool into their CI pipeline (if that's what they want to do).

Pull requests welcome :-).