1. Opening Activities
1.1 Opening comments (Co-Chair David)
1.2 Introduction of participants/roll call (Co-Chair David)
First Name | Last Name | Company | Role(s) |
---|---|---|---|
Aditya | Sharad | Microsoft | Voting Member |
Aharon | Abadi | WhiteSource | Voting Member |
Chris | Meyer | Microsoft | Voting Member |
David | Keaton | Individual | Chair |
Johnathan | Gilday | Contrast Security | Observer |
Mary | Martin | Microsoft | Member |
Michael | Fanning | Microsoft | Voting Member |
Nathan | Baird | Microsoft | Voting Member |
Paul | Anderson | GrammaTech, Inc. | Voting Member |
Stefan | Hagen | Individual | Secretary, taking notes |
Thanassis | Avgerinos | ForAllSecure Inc | Voting Member |
Yekaterina | O'Neil | Micro Focus | Voting Member |
1.3 Procedures for this meeting (Co-Chair David)
1.4 Approval of agenda (Co-Chair David)
Agenda was approved.
1.5 Approval of previous minutes (Co-Chair David)
Minutes were approved.
1.6 Review of action items and resolutions (Secretary Stefan)
- ACTION on xxx
1.7 Identification of SARIF TC voting members (Co-Chair David)
1.7.1 Prospective members attending their first meeting
1.7.2 Members attaining voting rights at the end of this meeting
1.7.3 Members losing voting rights if they have not joined this meeting by the time it ends
1.7.4 Members who previously lost voting rights who are attending this meeting
1.7.5 Members who have declared a leave of absence
2. Future Meetings
2.1 Future meeting schedule (Co-Chair Keaton)
- Scheduled Teleconferences (Thursdays at 08:00 PT / 15:00 UTC for 1.5 hours)
  June 16, June 30
- Possible face-to-face meeting when pandemic permits
3. Liaisons
3.1 OpenSSF
3.1.1 Choose who will act as liaison
- Michael offers but strongly suggests another member joins forces
3.1.2 Arrange to initiate contact with OpenSSF
- Michael will initiate
4. Discussion
4.1 Review recruitment effort to complete the technical committee
- Yekaterina: Trying to recruit an additional colleague
List of next steps - GitHub issue #509
4.2 Review status on finalizing SARIF 2.1 errata
- All discuss the status of review and clarify the nature of the received feedback
- Schema at https://raw.githubusercontent.com/schemastore/schemastore/master/src/schemas/json/sarif-2.1.0-rtm.5.json
4.3 Review current state of ecosystem ongoing work
- Chris:
  - Ongoing work
4.4 Any continued report/discussion on metrics
- Ongoing
https://sarifweb.azurewebsites.net/
4.5 Discussion of updates to SARIF web site
- All:
- Discuss further review of the website content to identify gaps or opportunities for requesting additions
- Candidate: https://github.com/Contrast-Security-OSS/java-sarif
4.6 Review outcomes of subgroup discussions
- Michael leads through the reports
- Michael suggests to offer demos during the June meetings
- Chris seconds
- Michael briefly reports on the WhiteSource tools to visualize other SCA results
- Michael thinks we should be able to do similar things in SARIF also.
- Why not prototype that (using auto fix features available in VS Code already)
- Other annotation languages available in the Windows teams at Microsoft that could be available to demo in June
- Thanassis
  - is very interested to go in that direction and explains additional opportunities to continue from there
  - mentions the API solution as a quite simple-to-deploy service / application
  - thinks that they may be able to show some ForAllSecure demos after the June meetings
4.7 Status of Wikipedia page
- David
  - Some progress made
  - Shows everyone the existing draft page at https://en.wikipedia.org/wiki/Draft:SARIF
4.8 Discuss end-to-end results management (including code insights protocol)
None
5. Other Business
- Michael
  - w.r.t. the wiki page
    - do we have all important links in the Wikipedia page (like press releases etc.)?
    - esp. to show the huge ecosystem
    - also, for the publication events, there are the OASIS announcements we could add as references/links
  - w.r.t. the web site content
    - Plain old Java objects (POJO) created from SARIF, making sure we add all relevant content
6. Resolutions and Decisions reached (by 10 minutes prior to scheduled meeting end)
6.1 End debate of other issues by 10 minutes prior to scheduled meeting end and follow the agenda from this point (Co-Chair Keaton)
6.2 Review of Decisions Reached (Secretary Hagen)
- DECISION on domain for the content website: try to secure it before next meeting
6.3 Review of Action Items (Secretary Hagen)
- ACTION on Chris to secure / purchase the proposed domain
- ACTION on Michael to initiate contact with OpenSSF
- ACTION on David to help Michael with the SARIF schema for the Errata
- ACTION on Chris to invite David and Michael on a website review meeting
- ACTION on Chris to solicit a working example from WhiteSource of their scenario
- ACTION on Chris to prepare a demo of the VS Code auto fix functionality
7. Next Meeting
Jun 16, 2022 / 08:00-09:30 PDT / 15:00-16:30 UTC
8. Adjournment
Meeting was adjourned.