OASIS Static Analysis Results Interchange Format (SARIF) TC

Defining a standard output format for static analysis tools

Luke Cartey, lcartey@github.com, Chair
David Keaton, dmk@dmk.com, Chair
Stefan Hagen, stefan@hagen.link, Secretary

Announcements

Influx of Cybersecurity Leaders Sign On to Support New Version of OASIS SARIF Standard for Detecting Software Vulnerabilities. See the complete press release.

Static Analysis Results Interchange Format (SARIF) Version 2.1.0 is now an OASIS Standard. For details, see the announcement.

View recording of SARIF briefing for prospective members, held 21 Sept 2018.

OASIS Awards 2018 Open Standards Cup to KMIP for Key Management Security and SARIF for Static Analysis Tools; 20 Aug 2018

Participation in the OASIS SARIF TC is open to all interested parties. SARIF TC members include major software companies, cybersecurity providers, government agencies, security orchestration specialists, programmers, and consultants. Contact join@oasis-open.org for more information.


Overview

SARIF TC members are developing an interoperability standard for detecting software defects and vulnerabilities. The goal is to define a common output format for static analysis tools that will make it feasible for developers and teams to view, understand, interact with, and manage the results produced by all their tools.

SARIF represents a leap forward in the usability of static analysis tools. Many organizations in the safety and security communities use several competing tools on their code. SARIF will allow them to combine and compare the results more easily to gain a sharper picture of the issues in their code that need to be addressed. Engineering teams will be able to easily access a broad range of potential defects and vulnerabilities in compliance with privacy and accessibility standards. SARIF will support the development of products whose code spans languages and operating systems.

For more information, see the SARIF TC Charter.


TC Tools and Approved Publications

Technical Work Produced by the Committee

Static Analysis Results Interchange Format (SARIF) Version 2.1.0. Edited by Michael C. Fanning and Laurence J. Golding. 27 March 2020. OASIS Standard. https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html. Latest stage: https://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html.

Static Analysis Results Interchange Format (SARIF) Version 2.1.0. Edited by Michael C. Fanning and Laurence J. Golding. 23 July 2019. OASIS Committee Specification 01. https://docs.oasis-open.org/sarif/sarif/v2.1.0/cs01/sarif-v2.1.0-cs01.html. Latest version: https://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html.


Mailing Lists and Comments

sarif: the discussion list used by TC members to conduct Committee work. TC membership is required to post, and TC members are automatically subscribed. The public may view the OASIS list archives.

sarif-comment: a public mailing list for providing feedback on the technical work of the OASIS SARIF TC. Send a comment or view the OASIS comment list archives.


Additional Information


Providing Feedback: OASIS welcomes feedback on its technical activities from potential users, developers, and others to better assure the interoperability and quality of OASIS work.