Contrast-Security-OSS/java-sarif

POJOs generated from the Static Analysis Results Interchange Format (SARIF) JSON schema.

Java SARIF

Contains POJOs generated from the Static Analysis Results Interchange Format (SARIF) JSON schema.

It uses Jackson for serialising/deserialing from JSON.

Usage

Add as a dependency

<dependency>
  <groupId>com.contrastsecurity</groupId>
  <artifactId>java-sarif</artifactId>
  <version>2.0</version>
</dependency>

Developing with Java SARIF

All classes reside in the com.contrastsecurity.sarif package. The JSON schema used to generate them is located in src/main/resources/schema.

Building Objects

Building is provided with method chaining, e.g. for Message

import com.contrastsecurity.sarif.Message;
// ...
Message message = new Message()
    .withText("SQL Injection")
    .withMarkdown("# SQL Injection");

Public Getters & Setters are provided.

Jackson

Classes are decorated with @JsonInclude(JsonInclude.Include.NON_DEFAULT) and @JsonPropertyOrder which dictates the order from the JSON schema.

import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;
// ...
@JsonInclude(JsonInclude.Include.NON_DEFAULT)
@JsonPropertyOrder({
    "text",
    "markdown",
    "id",
    "arguments",
    "properties"
})
public class Message {
    // ...
}

---

This library uses jsonschema2pojo for generation.