Documentation
¶
Overview ¶
Package sarif renders static-analysis findings as a SARIF 2.1.0 document — the Static Analysis Results Interchange Format that GitHub Code Scanning, GitLab, and other CI systems ingest. Map each finding to a Result, describe its rule in a Rule, identify your analyzer with a Tool, and call Write.
It is deliberately minimal and dependency-free (standard library only): one run, one driver, line-level result regions — the subset most analysis tools need to surface findings in Code Scanning. For richer SARIF (multiple runs, help URIs, fingerprints, suppressions) reach for a fuller library.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Result ¶
type Result struct {
RuleID string
Level string // "error" | "warning" | "note"; defaults to "warning" when empty
Message string
URI string // file path, relative to the repo root
StartLine int
EndLine int
}
Result is one finding: a rule id, severity level, human message, and location. A StartLine <= 0 omits the line region, producing a file-level result (e.g. for findings that have no single line).
type Rule ¶
Rule describes one rule id for the SARIF tool.driver.rules table. Each distinct RuleID emitted in results should have a matching Rule.
type Tool ¶
type Tool struct {
// Name is the driver name surfaced in Code Scanning (e.g. "staticcheck").
// Required — an empty name produces a technically-valid but unhelpful run.
Name string
// Version stamps the driver; omitted from the output when empty.
Version string
// InformationURI links to the tool's homepage/docs; omitted when empty.
InformationURI string
}
Tool identifies the analysis tool in the SARIF driver.