/sarif-rs

A group of Rust projects for interacting with the SARIF format

Primary LanguageRustMIT LicenseMIT

Workflow Status codecov

sarif-rs

A group of Rust projects for interacting with the SARIF format.

Example

Parse cargo clippy output, convert to SARIF (clippy-sarif), then pretty print the SARIF to terminal (sarif-fmt).

$ cargo clippy --message-format=json | clippy-sarif | sarif-fmt
$ warning: using `Option.and_then(|x| Some(y))`, which is more succinctly expressed as `map(|x| y)`
    ┌─ sarif-fmt/src/bin.rs:423:13
    │
423 │ ╭             the_rule
424 │ │               .full_description
425 │ │               .as_ref()
426 │ │               .and_then(|mfms| Some(mfms.text.clone()))
    │ ╰───────────────────────────────────────────────────────^
    │
    = `#[warn(clippy::bind_instead_of_map)]` on by default
      for further information visit https://rust-lang.github.io/rust-clippy/master#bind_instead_of_map

Install

Each CLI may be installed via cargo or directly downloaded from the corresponding Github release.

Cargo

cargo install <cli_name> # ex. cargo install sarif-fmt

Github Releases

The latest version is continuously published and tagged.

Using curl,

curl -sSL https://github.com/psastras/sarif-rs/releases/download/latest-x86_64-unknown-linux-gnu/sarif-fmt # make sure to adjust the target triplet (latest-<target_triplet>) to the correct target

Documentation

See each subproject for more detailed information:

  • clang-tidy-sarif: CLI tool to convert clang-tidy diagnostics into SARIF. See the Rust documentation.
  • clippy-sarif: CLI tool to convert clippy diagnostics into SARIF. See the Rust documentation.
  • hadolint-sarif: CLI tool to convert hadolint diagnostics into SARIF. See the Rust documentation.
  • shellcheck-sarif: CLI tool to convert shellcheck diagnostics into SARIF. See the Rust documentation.
  • sarif-fmt: CLI tool to pretty print SARIF diagnostics. See the Rust documentation.
  • serde-sarif: Typesafe SARIF structures for serializing and deserializing SARIF information using serde. See the Rust documentation.

Development

Before you begin, ensure the following programs are available on your machine:

Assuming cargo is installed on your machine, the standard cargo commands can be run to build and test all projects in the workspace:

cargo build
cargo test

For more information on specific configurations, refer to the cargo documentation.

nix is used internally (ie. via test fixtures) to manage other dependencies (so you don't have to manage them yourself.)

License: MIT