{"id":15642451,"url":"https://github.com/owenrumney/go-sarif","last_synced_at":"2025-05-15T12:04:36.348Z","repository":{"id":37504235,"uuid":"306441989","full_name":"owenrumney/go-sarif","owner":"owenrumney","description":"Go library for SARIF - Static Analysis Results Interchange Format","archived":false,"fork":false,"pushed_at":"2025-04-10T13:24:48.000Z","size":372,"stargazers_count":74,"open_issues_count":0,"forks_count":23,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-04-14T22:19:18.981Z","etag":null,"topics":["hacktoberfest","reporting-tools","sarif","sarif-report","security","security-tools","static-analysis","tfsec"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"unlicense","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/owenrumney.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":"owenrumney"}},"created_at":"2020-10-22T19:42:15.000Z","updated_at":"2025-04-10T13:24:32.000Z","dependencies_parsed_at":"2024-02-09T12:44:54.793Z","dependency_job_id":"3813dba3-b3ae-49cb-8965-0d79c32ffea9","html_url":"https://github.com/owenrumney/go-sarif","commit_stats":null,"previous_names":["owenrum/go-sarif"],"tags_count":57,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/owenrumney%2Fgo-sarif","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/owenrumney%2Fgo-sarif/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/owenrumney%2Fgo-sarif/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/owenrumney%2Fgo-sarif/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/owenrumney","download_url":"https://codeload.github.com/owenrumney/go-sarif/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254337612,"owners_count":22054253,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacktoberfest","reporting-tools","sarif","sarif-report","security","security-tools","static-analysis","tfsec"],"created_at":"2024-10-03T11:56:17.328Z","updated_at":"2025-05-15T12:04:31.333Z","avatar_url":"https://github.com/owenrumney.png","language":"Go","funding_links":["https://github.com/sponsors/owenrumney"],"categories":[],"sub_categories":[],"readme":"# go-sarif\n[![Go Report Card](https://goreportcard.com/badge/github.com/owenrumney/go-sarif/v3)](https://goreportcard.com/report/github.com/owenrumney/go-sarif/v3)\n[![Github Release](https://img.shields.io/github/release/owenrumney/go-sarif.svg)](https://github.com/owenrumney/go-sarif/releases)\n\n## Overview\n\nSARIF is the Static Analysis Results Interchange Format, this project seeks to provide a simple interface to generate reports in the SARIF format.\n\n## Usage\n\nAdd an import to `go get github.com/owenrumney/go-sarif/v3`\n\n### Parsing a SARIF report\n\nThere are a number of ways to load in the content of a SARIF report.\n\nFor a `v2.1.0` report use `import \"github.com/owenrumney/go-sarif/v3/pkg/report/v210/sarif\"`\n\nFor a `v2.2` report, use `import \"github.com/owenrumney/go-sarif/v3/pkg/report/v22/sarif\"`\n\n\n#### Open\n\n`sarif.Open` takes a file path and loads the SARIF from that location. Returns a report and any corresponding error\n\n#### FromBytes\n\n`sarif.FromBytes` takes a slice of byte and returns a report and any corresponding error.\n\n#### FromString\n\n`sarif.FromString` takes a string of the SARIF content and returns a report and any corresponding error.\n\n### Validating a Report\n\nOnce you have the report object, you can call `valid, err := report.Validate()` to get a list of any issues. This will evaluate the report against the schema.\n\n### Creating a new report\n\nCreating a new SARIF report can be done directly with the `sarif` package or using the `report` package at `github.com/owenrumney/go-sarif/v3/pkg/report`\n\nfor a detailed example check the example folder [example/main.go](example/main.go)\n\n```go\n\nimport (\n \"github.com/owenrumney/go-sarif/v3/pkg/report\"\n \"github.com/owenrumney/go-sarif/v3/pkg/report/v22/sarif\"\n)\n\n...\n\n// create the basic report shell\nrep := report.NewV22Report()\n\n// create a run \nrun := sarif.NewRunWithInformationURI(\"my tool\", \"https://mytool.com\")\n\n// create a failed Rule\nrun.AddRule(\"rule#1\").\n WithDescription(\"This rule is a really important one\").\n WithHelpURI(\"https://mytool.com/rules/rule1\").\n WithMarkdownHelp(\"# Try not to make this mistake\")\n\n// add the location an artifact\nrun.AddDistinctArtifact(\"file:///Users/me/code/myCode/terraform/main.tf\")\n\n// crete a result for the rule\nrun.CreateResultForRule(\"rule#1\").\n WithLevel(\"high\").\n WithMessage(sarif.NewTextMessage(\"This rule was breached in the file\")).\n AddLocation(\n sarif.NewLocationWithPhysicalLocation(\n sarif.NewPhysicalLocation().\n WithArtifactLocation(\n sarif.NewSimpleArtifactLocation(\"file:///Users/me/code/myCode/terraform/main.tf\")\n ).WithRegion(\n // set the line numbers of the issue\n sarif.NewSimpleRegion(1, 4)\n ),\n ),\n )\n \n// add the run to the report\nrep.AddRun(run)\n\n// validate the report\nif err := rep.Validate(); err != nil {\n println(err)\n}\n\n\n\n\n\n```\n\n### Example report\n\nThis example is taken directly from the [Microsoft SARIF pages](https://github.com/microsoft/sarif-tutorials/blob/master/docs/1-Introduction.md)\n\n```json\n{\n \"version\": \"2.1.0\",\n \"$schema\": \"(https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json)\",\n \"runs\": [\n {\n \"tool\": {\n \"driver\": {\n \"name\": \"ESLint\",\n \"informationUri\": \"https://eslint.org\",\n \"rules\": [\n {\n \"id\": \"no-unused-vars\",\n \"shortDescription\": {\n \"text\": \"disallow unused variables\"\n },\n \"helpUri\": \"https://eslint.org/docs/rules/no-unused-vars\",\n \"properties\": {\n \"category\": \"Variables\"\n }\n }\n ]\n }\n },\n \"artifacts\": [\n {\n \"location\": {\n \"uri\": \"file:///C:/dev/sarif/sarif-tutorials/samples/Introduction/simple-example.js\"\n }\n }\n ],\n \"results\": [\n {\n \"level\": \"error\",\n \"message\": {\n \"text\": \"'x' is assigned a value but never used.\"\n },\n \"locations\": [\n {\n \"physicalLocation\": {\n \"artifactLocation\": {\n \"uri\": \"file:///C:/dev/sarif/sarif-tutorials/samples/Introduction/simple-example.js\",\n \"index\": 0\n },\n \"region\": {\n \"startLine\": 1,\n \"startColumn\": 5\n }\n }\n }\n ],\n \"ruleId\": \"no-unused-vars\",\n \"ruleIndex\": 0\n }\n ]\n }\n ]\n}\n```\n\n\n## More information about SARIF\nFor more information about SARIF, you can visit the [Oasis Open](https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=sarif) site.\n\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fowenrumney%2Fgo-sarif","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fowenrumney%2Fgo-sarif","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fowenrumney%2Fgo-sarif/lists"}