Support sarif as a report type - #3045 #3132
detekt-report-sarif/src/test/kotlin/io/github/detekt/report/sarif/SarifOutputReportSpec.kt
I just skimmed through the code change list. Hence, I only have some general questions.
When the official MS java support will be out, we can and should migrate to it.
Good to know. Thanks for the explanation. I really appreciate your work for supporting this feature. For me this PR looks fine.
Run().apply {
    tool = tool {
        driver = component {
            guid = "022ca8c2-f6a2-4c95-b107-bb72c43263f3"
is this randomly generated?
Yes, I generated it randomly once with UUID.getXXX().
As I understand it, the guid needs to be the same between all detekt 1.x.y runs.
Correct me if I'm wrong here @michaelcfanning
detekt-report-sarif/src/main/kotlin/io/github/detekt/report/sarif/RuleDescriptors.kt
@arturbosch, just checking in on this, as there's strong interest internally at Microsoft for consuming this new report format. Any idea when it might be merged/available?
Hey @michaelcfanning , thanks for interest and the ping.
@arturbosch, glad to help w/any SARIF advice. The large # of optional properties/defaults is definitely a concern depending on your JSON mechanism. The C# SARIF SDK uses a library (Newtonsoft JSON.NET) that automatically elides/hydrates these on save/open. We autogenerated the C# OM that has appropriate attributes for this by writing a custom tool, 'JsonSchema.ToDotNet' that parses the SARIF JSON schema. We could consider a similar trick in your scenario, if your JSON serializer supports similar features. I took Larry's suggestion and have opened an issue to write a validator that flags all unnecessarily rendered default values. There's a lot of surface here to examine... Something to keep in mind, though: SARIF which contains this data is valid. You might consider hard-coding eliminating obvious things for now, while considering a more systematic/comprehensive solution.
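A check in the spirit of the validator described above, as an added example in Python (not the SARIF SDK's validator and not detekt code): it walks a SARIF log, flags every property whose value equals its SARIF 2.1.0 default, and can strip them. The sample log and the rule id format in it are constructed for illustration.

```python
import copy

# Property defaults from the SARIF 2.1.0 specification; a property equal to its default
# carries no information. Keyed by (JSON key the object sits under, property name).
SARIF_DEFAULTS = {
    ("results", "level"): "warning",
    ("results", "kind"): "fail",
    ("defaultConfiguration", "level"): "warning",
    ("defaultConfiguration", "enabled"): True,
    ("artifactLocation", "index"): -1,
    ("runs", "columnKind"): "unicodeCodePoints",
}

def find_rendered_defaults(node, owner=None, path=""):
    """Return [(json_path, property, value)] for every property equal to its default."""
    found = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}/{key}"
            if (owner, key) in SARIF_DEFAULTS and SARIF_DEFAULTS[(owner, key)] == value:
                found.append((here, key, value))
            else:
                found.extend(find_rendered_defaults(value, key, here))
    elif isinstance(node, list):
        for i, item in enumerate(node):  # array items inherit the array's key as owner
            found.extend(find_rendered_defaults(item, owner, f"{path}/{i}"))
    return found

def elide_defaults(log):
    """Return a deep copy of the log with every redundant default removed."""
    log = copy.deepcopy(log)
    for json_path, _, _ in find_rendered_defaults(log):
        *parents, last = json_path.strip("/").split("/")
        node = log
        for part in parents:
            node = node[int(part)] if isinstance(node, list) else node[part]
        del node[last]  # only dict keys are deleted, so the other paths stay valid
    return log

# Constructed sample log (not real detekt output); the rule id format is illustrative.
SAMPLE_LOG = {"version": "2.1.0", "runs": [{
    "columnKind": "unicodeCodePoints",
    "tool": {"driver": {"name": "detekt", "rules": [{
        "id": "detekt.style.MagicNumber",
        "defaultConfiguration": {"level": "warning", "enabled": True}}]}},
    "results": [
        {"ruleId": "detekt.style.MagicNumber", "level": "warning", "kind": "fail",
         "locations": [{"physicalLocation": {
             "artifactLocation": {"uri": "src/Main.kt", "index": -1}}}]},
        {"ruleId": "detekt.style.MagicNumber", "level": "error"}]}]}
```

Both the flagged and the stripped log remain valid SARIF; the check only reports properties that a default-aware serializer would have omitted.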
Codecov Report
@@ Coverage Diff @@
## master #3132 +/- ##
============================================
- Coverage 80.09% 80.07% -0.02%
- Complexity 2648 2651 +3
============================================
Files 440 443 +3
Lines 8013 8082 +69
Branches 1528 1536 +8
============================================
+ Hits 6418 6472 +54
- Misses 775 789 +14
- Partials 820 821 +1
@michaelcfanning thanks for the advice.
* Support sarif as a report type - #3045
* Integrate sarif feedback from @lgolding
* Test the whole sarif report instead of some json paths
* Provide only the short description; we do not have access to the long one programmatically
* Use the plain rule id as sarif rule name; the rule set id is encoded in the sarif rule id
* Remove need for casting by using a when expression
New optional report format which can be plugged via
--plugins detekt-report-sarif.jar
Output preview via the VSCode extension:
CI will fail because there is no published version of sarif4j yet. We need to wait until #3045 gets an answer from the sarif authors.