The SARIF SDK contains .NET code and supporting files for working with the Static Analysis Results Interchange Format (SARIF). For more information about SARIF, see the SARIF Home Page. You can read the SARIF specification, or file issues in the SARIF GitHub repo.
To add the SARIF SDK to your project, install the Sarif.Sdk NuGet package. Sarif.Sdk depends on Newtonsoft.Json, which is installed automatically when you install Sarif.Sdk.
The types in the SARIF SDK are in the Microsoft.CodeAnalysis.Sarif
namespace.
The SARIF SDK provides a set of classes which represent the elements of the SARIF format. We refer to this as the "SARIF object model". The root type that represents a SARIF log file is SarifLog
. Other types in the SARIF object model are Result
, PhysicalLocation
, etc..
Note: The SARIF SDK's build process automatically generates the SARIF object model classes from the SARIF JSON schema, which you can find at src/Sarif/Schemata/sarif-schema.json
. Although these files do exist in the repo (under src/Sarif/Autogenerated
), you should never edit them by hand.
In addition to the object model, the SARIF SDK provides a set of helper classes to facilitate using Newtonsoft.Json to read and write SARIF log files.
If you want to build the SDK from source, rather than consuming the NuGet package, please refer to Devbox Setup for help setting up a compilation environment.
Then you should be able to build in Visual Studio or on the Command Line using
BuildAndTest.cmd
.
To learn how to accomplish common tasks with the SARIF SDK, such as reading and writing files from disk, see the How To page.
This project has adopted the Microsoft Open Source Code of Conduct. For more information, see the Code of Conduct FAQ, or contact [email protected] with any additional questions or comments.