You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Suppose you have an analysis tool MyTool.exe that accepts plug-ins, for example ContosoSecurityRules.dll. SARIF has no way to specify the versions of the plug-ins that the tool is using.
Worse than that: if your tool specifies plug-ins on the command line, then at least they'll show up in the invocation.commandLine property. But of your tool finds plug-ins by looking in a well-known directory, then they won't be on the command line, and even the names of the plug-ins won't appear in the SARIF file.
Proposal:
Define a plugIn object with properties fileLocation (of type fileLocation) and version (of type string). Give tool a new property plugIns of type "array of plugIn".
The text was updated successfully, but these errors were encountered:
Probably the plugIn object would have the same set of versioning properties that tool does: version, semanticVersion, and fileVersion (but not sarifLoggerVersion).
Suppose you have an analysis tool MyTool.exe that accepts plug-ins, for example ContosoSecurityRules.dll. SARIF has no way to specify the versions of the plug-ins that the tool is using.
Worse than that: if your tool specifies plug-ins on the command line, then at least they'll show up in the
invocation.commandLine
property. But of your tool finds plug-ins by looking in a well-known directory, then they won't be on the command line, and even the names of the plug-ins won't appear in the SARIF file.Proposal:
Define a
plugIn
object with propertiesfileLocation
(of typefileLocation
) andversion
(of typestring
). Givetool
a new propertyplugIns
of type "array ofplugIn
".The text was updated successfully, but these errors were encountered: