{"id":28900370,"url":"https://github.com/radareorg/r2sarif","last_synced_at":"2026-02-14T05:35:04.181Z","repository":{"id":228745116,"uuid":"774418043","full_name":"radareorg/r2sarif","owner":"radareorg","description":"Load, manage and create SARIF documents with radare2","archived":false,"fork":false,"pushed_at":"2025-03-27T03:53:36.000Z","size":222,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-26T13:52:57.889Z","etag":null,"topics":["radare2","reports","sarif","security"],"latest_commit_sha":null,"homepage":"https://www.radare.org","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/radareorg.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":null,"patreon":null,"open_collective":"radareorg","ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":null}},"created_at":"2024-03-19T14:14:50.000Z","updated_at":"2025-12-25T08:21:52.000Z","dependencies_parsed_at":null,"dependency_job_id":"d96b3ff5-585b-4c51-8e1c-0c2396ea0cc9","html_url":"https://github.com/radareorg/r2sarif","commit_stats":{"total_commits":30,"total_committers":2,"mean_commits":15.0,"dds":0.09999999999999998,"last_synced_commit":"fff98ea3a7bb0792e6db1bca17eb23483bf986f5"},"previous_names":["radareorg/r2sarif"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/radareorg/r2sarif","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/radareorg%2Fr2sarif","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/radareorg%2Fr2sarif/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/radareorg%2Fr2sarif/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/radareorg%2Fr2sarif/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/radareorg","download_url":"https://codeload.github.com/radareorg/r2sarif/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/radareorg%2Fr2sarif/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29438608,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-14T05:24:35.651Z","status":"ssl_error","status_checked_at":"2026-02-14T05:24:34.830Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["radare2","reports","sarif","security"],"created_at":"2025-06-21T09:39:53.514Z","updated_at":"2026-02-14T05:35:04.176Z","avatar_url":"https://github.com/radareorg.png","language":"TypeScript","funding_links":["https://opencollective.com/radareorg"],"categories":[],"sub_categories":[],"readme":"# SARIF support for Radare2\n\n![ci](https://github.com/radareorg/r2sarif/actions/workflows/ci.yml/badge.svg?branch=main)\n\nStatic Analysis Results Interchange Format (SARIF) Version 2.0\n\n--pancake\n\n## Description\n\nThis plugin for radare2 adds the `sarif` command to the r2 shell which allows\nto import and export SARIF documents (JSON files) into the current session,\nallowing the analyst to report and visualize the reported vulnerabilities in\na binary using a standard file format.\n\n## Installation\n\nThis is the recommended way to install r2sarif nowadays, in your home and symlinked.\n\n```\n$ make \u0026\u0026 make user-symstall\n```\n\nFor distro packaging reasons you may want to use make install instead.\n\nUse the classic `user-uninstall` and `uninstall` targets to get rid of it.\n\n## Usage\n\n```\n[0x00000000]\u003e sarif?\nsarif add [L] [id] [M]  - add a new result with selected driver\nsarif alias [newalias]  - create an alias for the sarif command\nsarif export            - export added rules as sarif json\nsarif help              - show this help message (-h)\nsarif list [help]       - list drivers, rules and results\nsarif load [file]       - import sarif info from given file\nsarif r2                - generate r2 script to import current doc results\nsarif reset             - unload all documents\nsarif select [N]        - select the nth driver\nsarif unload [N]        - unload the nth document\nsarif version           - show plugin version\n[0x00000000]\u003e\n```\n\nFirst you need to load the drivers with their rules, so you can load them as\nflags and comments into your r2 session and use them to create your\n\n```\n[0x00000000]\u003e sarif load rules.json\n```\n\nThose can be listed with `sarif list [what]` and use `sarif select` to pick\nwhich document you want the rest of commands to use.\n\n## Creating your own sarif document\n\n* Seek to the offset where the vulnerability is spotted\n  * `s 0x802180490`\n* Add a warning note in the current offset associated with a comment\n  * `sarif addw SF01010 Do not use this API`\n\nYou can now export the sarif file in json using the following command:\n\n```\n[0x00000000]\u003e sarif dump \u003e sarif.report.json\n[0x00000000]\u003e sarif r2 \u003e sarif.script.r2\n```\n\nAlternatively you can combine multiple finding documents and load that info inside r2:\n\n```\n[0x00000000]\u003e sarif load report0.json\n[0x00000000]\u003e sarif load report1.json\n[0x00000000]\u003e .sarif r2\n```\n\nYou will have flags prefixed with `sarif.` to spot them in the binary. `f~^sarif`\n\n## Reference Links\n\n* https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning\n* https://github.com/microsoft/sarif-tutorials/\n* https://docs.oasis-open.org/sarif/sarif/v2.0/sarif-v2.0.html\n* https://sarifweb.azurewebsites.net/#Specification\n* https://github.blog/2024-02-14-fixing-security-vulnerabilities-with-ai/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fradareorg%2Fr2sarif","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fradareorg%2Fr2sarif","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fradareorg%2Fr2sarif/lists"}