Github Ingestion Rules - Specification

Question

Github Ingestion Rules - Specification

Closed this issue a year ago · 3 comments

Hello,

On the https://sarifweb.azurewebsites.net/Validation site, there is a checkbox to enable the "GitHub ingestion rules". These appear to be requirements imposed by GitHub that extend beyond the requirements of the SARIF 2.1.0 specification.

Is there a site (either from the OASIS/SARIF team or from GitHub themselves) which documents these additional requirements?

Thanks,
Richard Seeton

Answer 1 · 2023-11-03T15:19:28.000Z

There is a GitHub-specific validation policy at https://github.com/microsoft/sarif-sdk/tree/v4.2.1/policies, and documentation for the referenced validation rules at https://github.com/microsoft/sarif-sdk/blob/v4.2.1/docs/ValidationRules.md. However, I'm not sure these are what the web site uses.

Answer 2 · 2023-11-03T15:26:26.000Z

https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#supported-sarif-output-file-properties may also be useful.

Answer 3 · 2023-11-04T16:55:02.000Z

Excellent, thank you Kalle. This provides the information required.