SarifIt - Static Analysis Results Interchange Format Builder

Lightweight [SARIF] builder library, allowing your tools to generate unified Code Quality reports.

Features

• Simple to use
• Wrappers to create SARIF objects
• Compliant with [SARIF 2.1.0]

Usage

Define a new Code Quality Analysis tool

import * as sarif from "@dev-build-deploy/sarif-it";

const tool = new sarif.Tool("code-scanner")
  .organization("dev-build-deploy")
  .version("0.0.0")
  .informationUri("https://github.com/dev-build-deploy/sarif-it#README.md");

const missingDocsRule = new sarif.Rule("MissingDocumentation")
  .name("Missing Documentation")
  .shortDescription("All repositories must contain a README.md containing basic instructions.")
  .fullDescription({
    text: "As documentation is important, we expect all repositories to contain at least a README.md file.",
    markown: "As documentation is *important*, we expect **all** repositories to contain *at least* a `README.md` file."
  })
  .helpUri("https://github.com/dev-build-deploy/sarif-it#README.md");

tool.addRule(missingDocsRule);

Create a Code Quality Analysis report

Assuming that we already have a Code Quality analysis tool defined (here);

import * as sarif from "@dev-build-deploy/sarif-it";

const log = new sarif.Log()
  .addRun(new sarif.Run(tool));  // NOTE: Example for creating a `tool` can be found in the previous chapter

const result = new sarif.Result("Missing Documentation")
  .ruleId("MissingDocumentation")
  .level("error")
  .addLocation({
    physicalLocation: {
      artifactLocation: {
        uri: "./README.md",
      },
    },    
  })

log.get("runs")[0].addResult(result);

Contributing

If you have suggestions for how sarif-it could be improved, or want to report a bug, open an issue! We'd love all and any contributions.

For more, check out the Contributing Guide.

License

• MIT © 2023 Kevin de Jong <monkaii@hotmail.com>