New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SARIF 2.1.0 discard suppressed results #156
Comments
Agreed. We are currently working on displaying a number of results processed by the sarif-sdk, which supports suppressing results. Jenkins is displaying all of the results, rather than only the not suppressed results. |
I spent a bit of time looking at this, and it appears that the The rules should be as follows (following the details in the SARIF SDK: https://github.com/microsoft/sarif-sdk/blob/025f64caf6603d5cc800ce1b4139641cd286ebee/src/Sarif/Core/Result.cs#L102
|
expiryUtc is not part of the SARIF-v2.1.0 standard though. Is it used in some SARIF logs that you want to parse with this library, or are you just trying to support all known features? |
Agreed. While not part of the standard, I'm just trying to set parity between the sarif-sdk processing SARIF results and the violations parser used to display those results in Jenkins. In this case, the sarif-sdk supports setting the |
I want the library to just normalize the reports into a common format. And the tools using the
|
That makes sense. Sounds like we may need to open a related issue in either the analysis-model or ng-warnings repos to filter suppressed issues using the new specifics field. |
I'm closing this issue. Open it again if any problems. |
A SARIF 2.1.0 log can include some results that are suppressed. For example, the Roslyn C# compiler can write such a log if the source code includes a
#pragma
directive that disables a warning that it would otherwise deserve. Because Violation does not support the suppression concept, I think SarifParser should discard the suppressed results rather than translate them to Violation instances. Please see [SARIF-v2.1.0] §3.27.23 for information about theresult.suppressions
property, and #155 (comment) for a sample SARIF log with a suppressed warning.The text was updated successfully, but these errors were encountered: