The highest tagged major version is v7.

sarif

package

v5.13.1 Latest Latest Go to latest Published: Jul 17, 2025 License: MIT Imports: 12 Imported by: 1

Documentation ¶

Index ¶

func Severity(r Rule) report.SeverityLevel
func TransformToGLSASTReport(reader io.Reader, rootPath, analyzerID string, scanner report.Scanner, ...) (*report.Report, error)
type Location
type Report
type Result
type Rule
type RuleProperties
type Run

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Severity ¶

func Severity(r Rule) report.SeverityLevel

Severity converts a sarif severity value to a report severity value See: https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317855 for more information about the level property. The docs say that when level is not defined, then the value is equal to warning.

func TransformToGLSASTReport ¶

func TransformToGLSASTReport(reader io.Reader, rootPath, analyzerID string, scanner report.Scanner, rulesetConfig *ruleset.Config, partialScan *report.PartialScanType) (*report.Report, error)

TransformToGLSASTReport will take in a sarif file and output a GitLab SAST Report

Types ¶

type Location ¶

type Location struct {
	PhysicalLocation struct {
		ArtifactLocation struct {
			URI       string `json:"uri"`
			URIBaseID string `json:"uriBaseId"`
		} `json:"artifactLocation"`
		Region struct {
			StartLine   int `json:"startLine"`
			StartColumn int `json:"startColumn"`
			EndLine     int `json:"endLine"`
			EndColumn   int `json:"endColumn"`
		} `json:"region"`
	} `json:"physicalLocation"`
}

Location includes the source-code coordinates

type Report ¶

type Report struct {
	Schema  string `json:"$schema"`
	Version string `json:"version"`
	Runs    []Run  `json:"runs"`
}

Report is the serif SAST output format, see https://sarifweb.azurewebsites.net

type Result ¶

type Result struct {
	RuleID  string `json:"ruleId"`
	Message struct {
		Text string `json:"text"`
	} `json:"message"`
	Locations    []Location `json:"locations"`
	Suppressions []struct {
		Kind   string `json:"kind"`             // values= 'inSource', 'external'
		Status string `json:"status,omitempty"` // values= empty,'accepted','underReview','rejected'
		GUID   string `json:"guid,omitempty"`
	} `json:"suppressions,omitempty"`
	CodeFlows []struct {
		Message struct {
			Text string `json:"text"`
		} `json:"message"`
		ThreadFlows []threadFlow `json:"threadFlows"`
	} `json:"codeFlows,omitempty"`
}

Result represents a finding

type Rule ¶

type Rule struct {
	ID               string `json:"id"`
	Name             string `json:"name"`
	ShortDescription struct {
		Text string `json:"text"`
	} `json:"shortDescription"`
	FullDescription struct {
		Text string `json:"text"`
	} `json:"fullDescription"`
	DefaultConfiguration struct {
		Level string `json:"level"`
	} `json:"defaultConfiguration"`
	Properties RuleProperties `json:"properties"`
	HelpURI    string         `json:"helpUri"`
}

Rule includes semgrep rule information

type RuleProperties ¶

type RuleProperties struct {
	Precision        string   `json:"precision"`
	Tags             []string `json:"tags"`
	SecuritySeverity string   `json:"security-severity"`
}

RuleProperties includes rule metadata

type Run ¶

type Run struct {
	Invocations []invocation `json:"invocations"`
	Results     []Result     `json:"results"`
	Tool        struct {
		Driver struct {
			Name            string `json:"name"`
			SemanticVersion string `json:"semanticVersion"`
			Rules           []Rule `json:"rules"`
		} `json:"driver"`
	} `json:"tool"`
}

Run represents a scan

Source Files ¶

View all Source files

sarif.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL