-
Notifications
You must be signed in to change notification settings - Fork 47
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Should we allow file identity to be specified by reference to a commit... #14
Comments
Notes from TC con call, 2017/09/27:
|
When referring to files in repositories, do we want to use an absolute path from the root of the file system? For example; there are two clones of the same repository, at the same revision, plus a versioned file in each one: If we run static analysis on each directory, how will we be able to merge the reports? Do we store the relative path within the repository? Do we store absolute paths? How do we see these files are the same? |
Something to consider:
In these example changesets, a.txt is only changed in the first one. The a.txt file is identical at all of these revisions. If we want to refer to this version of the file canonically, we should use the first revision: b225710. The benefit of doing this is in merging reports. If we had one static analysis run on b95da14, and a second one on f099d4a, the a.txt file (including version information) is already the same in both of them. |
To the extent that this is about specifying an overall commit for the code base, this is tracked in #108. To the extent that you can locate a file at a given commit by means of a URL, that's a matter of setting the URL properly and there's nothing more to do. |
Copied from sarif-standard/sarif-spec-v1#130, created by @lgolding:
... (in a specific repo) rather than by a hash?
This is related to sarif-standard/sarif-spec/#28, but it's about not wanting to have to hash even the few files that are mentioned in the results, whereas sarif-standard/sarif-spec/#28 is about not wanting to have to mention all the files.
The text was updated successfully, but these errors were encountered: