{"id":22939038,"url":"https://github.com/de-jcup/sarif-java","last_synced_at":"2025-04-01T19:45:27.233Z","repository":{"id":90131302,"uuid":"574924335","full_name":"de-jcup/sarif-java","owner":"de-jcup","description":"SARIF java library to read and write SARIF","archived":false,"fork":false,"pushed_at":"2023-03-18T11:29:26.000Z","size":121,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-02-07T12:48:56.563Z","etag":null,"topics":["generated","java","library","maven-central","sarif"],"latest_commit_sha":null,"homepage":"https://central.sonatype.com/artifact/de.jcup.sarif.java/sarif-2.1.0/1.0.1","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/de-jcup.png","metadata":{"files":{"readme":"README.adoc","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-12-06T11:26:37.000Z","updated_at":"2024-01-24T13:01:33.000Z","dependencies_parsed_at":null,"dependency_job_id":"cb3fc307-8032-4164-9cc5-aeac851c5b1d","html_url":"https://github.com/de-jcup/sarif-java","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/de-jcup%2Fsarif-java","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/de-jcup%2Fsarif-java/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/de-jcup%2Fsarif-java/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/de-jcup%2Fsarif-java/manifests","owner_url":"https://repos.ecosyste.ms
/api/v1/hosts/GitHub/owners/de-jcup","download_url":"https://codeload.github.com/de-jcup/sarif-java/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246704967,"owners_count":20820654,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["generated","java","library","maven-central","sarif"],"created_at":"2024-12-14T12:36:22.989Z","updated_at":"2025-04-01T19:45:27.204Z","avatar_url":"https://github.com/de-jcup.png","language":"Java","readme":"ifdef::env-github[]\n:tip-caption: :bulb:\n:note-caption: :information_source:\n:important-caption: :heavy_exclamation_mark:\n:caution-caption: :fire:\n:warning-caption: :warning:\nendif::[]\n:toc:\n\n== About the project\n\n=== Purpose\n- A SARIF java library to read and write SARIF\n- Special logic for SARIF (e.g. 
when specified inside the specification by pseudo code) shall already be implemented (ongoing process)\n- We will support different SARIF versions.\n\n=== License\nMIT-License\n\n\n=== Structure\nHere is some information on how we will support different SARIF versions inside this repository.\n\n[source,java]\n----\ngithub.com/de-jcup/sarif-java\n     /sarif-2.1.0-generator\n               build.gradle\t     \n\t    /gen\n                      /sarif-2.1.0 (generated gradle project)\n                       build.gradle\n                      /src/main/java\n                      /src/test/java\n                /src/main/resources\n                        sarif.json\n\t /sarif-3.0-generator\n\t    build.gradle\n\t    /gen\n----\n\n=== Versioning\n\n==== Library version\nThe library version contains the SARIF version followed by our own semantic version:\n\n`${sarif_version}-${ourMajor}.${ourMinor}.${ourHotfix}`.\n\nFor example, for SARIF 2.1.0 the first hotfix release of our library will have the library name `2.1.0-1.0.1`.\nIf minor changes to this library are necessary, it will be `2.1.0-1.1.0`.\nIf there are major (breaking) changes for the next library, it will be `2.1.0-2.0.0`. 
\nIf the next release is only a bug fix release, we will have `2.1.0-2.0.1`.\n\n==== Package names\nThe package names contain the SARIF version, so they are easy to differentiate.\n    \nFor example:\n```\t\n\tde.jcup.sarif_2_1_0.*\n\tde.jcup.sarif_3_0_0.* \n```\n\t\t\n=== Usage\nProjects use the library as a normal Maven/Gradle dependency.\nYou will find the artifacts at https://mvnrepository.com/artifact/de.jcup.sarif.java\n\n==== Sarif 2.1.0\n\n\nExample 1: Add the dependency to a gradle project\n\n[source,gradle]\n----\nimplementation group: 'de.jcup.sarif.java', name: 'sarif-2.1.0', version: '1.1.0'\n----\n\n===== Example 1\nLoad a SARIF 2.1.0 report from file\n\n[source,java]\n----\nSarifSchema210ImportExportSupport importExport = new SarifSchema210ImportExportSupport();\nSarifSchema210 sarifReport = importExport.fromFile(new File(\"./src/main/resources/sarif_2_1_0_example.json\"));\n----\n\n===== Example 2\nCreate a SARIF report\n\n[source,java]\n----\n SarifSchema210 sarif = new SarifSchema210();\n Run run1 = new Run();\n Tool tool1 = new Tool();\n ToolComponent driver = new ToolComponent();\n\n String driverGuid = \"1234-guid-test-tool-driver-id\";\n\n driver.setGuid(driverGuid);\n driver.setFullName(\"Only-Test\");\n\n tool1.setDriver(driver);\n run1.setTool(tool1);\n sarif.getRuns().add(run1);\n----\n\n===== Example 3\nFetch the resulting level for a result inside a run.\n\n[source,java]\n----\n SarifSchema210LogicSupport logicSupport = new SarifSchema210LogicSupport();\n SarifSchema210 sarifReport = createOrReadReportFromFile(); // ... must be implemented...\n \n Run run = sarifReport.getRuns().iterator().next();\n List\u003cResult\u003e results = run.getResults();\n  \n Iterator\u003cResult\u003e it = results.iterator();\n Result result1 = it.next();\n\n Level level1 = logicSupport.resolveLevel(result1, run); //\u003c1\u003e\n----\n\u003c1\u003e This method call automatically handles the override mechanism between a rule level and a result level. 
+\n    It contains an implementation of the pseudo code defined in the specification at https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317648\n\n===== More examples\n\nYou can find more examples inside the unit tests at  +\nhttps://github.com/de-jcup/sarif-java/tree/main/sarif-2.1.0-generator/impl/sarif-2.1.0/src/test/java/de/jcup/sarif_2_1_0\n\n\n== Build\n- We have no generated source checked into the repository!\n- To build the complete library we have a `full-build.sh` script. This will generate sources, a custom gradle build file and build the \n  library parts afterwards.\n\n== Release\n- At release time we use a GitHub Actions workflow which starts the build script and uploads to Maven Central using the release version tag.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fde-jcup%2Fsarif-java","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fde-jcup%2Fsarif-java","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fde-jcup%2Fsarif-java/lists"}