Sarif Viewer
Visualizes the results contained in a 'Static Analysis Results Interchange Format' (SARIF) file. The viewer integrates with VS Code, displaying a list of analysis results and details in the Sarif Explorer, as well as in the source code.
Supports Sarif version '2.1.0'
Features
- Lists the results of open SARIF files in the Sarif Explorer (also shows up in Problems Panel)
- Navigation to the source location of the result
- Sarif Explorer shows details about the result:
- Result info
- Run info
- Code flow steps
- Attachments
- Fixes
- new Stacks
- Supports embedded target files
- Allows you to remap (in memory) source locations, if they can't be found using the location in the log file
- Can set rootpaths in the settings for the extension to try when looking for files, ex. the rootpath of your local enlistment
Code integration
- Highlighting of the result location
- Tooltips showing the message
- Gutter icons to help identify the location of the result
- Codeflow step regions are highlighted and labeled inline
- Icons visualizing codeflow step level changes
Call with a Return
Return from a Call
Call with no Return
Return with no Call
Convert Non-Sarif File
- Can open and convert a non-sarif static analysis file to sarif for analysis - see ChangeLog update 2.5.0 for list of supported tools
- To execute the convert command via the Command window(F1 key):
- Type in "Sarif: Convert and open a non-sarif file"
- Select the tool that generated the file
- In the file picker that opens up select the file
- To execute the convert command via the Command window(F1 key):
Update Sarif Version
- Can update older Sarif Versions to the latest version, on opening an older version a dialog lets you choose to:
- Update to a temp file location
- Update to a location via the save as dialog
- Not update, you can view the original file but the results will not be loaded
Sarif Explorer
- Automatically launches when the first Sarif file is opened
- Updates the Result Details Panel with the currently selected result in the Results List, Problems Panel, or in source code
- Manually open it by typing "Sarif: Launch the Sarif Explorer" in the Command Palette(F1) or using the hotkey (Ctrl+L then Ctrl+E)
Results List
- Available columns: Baseline State, Message, Result File, Position, Rule Id, Rule Name, Run Id, Sarif File, Severity, Kind, Rank, Tool, Automation Category, Automation Id, newLogical Location
- Group By: Results can be grouped by a column
- Groups are sorted by number of results in each group
- Sort By: Results are sortable by clicking the column header
- Filter: Show/Hide the Filter input area by clicking the Filter icon
- Toggle button for toggling Match Case
- No wildcard support yet
- Hide/Show columns: Visibility of each column can be toggled by clicking the Eye icon
- Clicking a result in the list will navigate to the source and display the details in the Sarif Explorer
- Persistence: Group By, Sort By, and Hidden columns are persisted in settings
API
An extension-to-extension public API is offered. This API is defined at src/extension/index.d.ts. An example of another extension calling this extension:
const sarifExt = extensions.getExtension('MS-SarifVSCode.sarif-viewer');
if (!sarifExt.isActive) await sarifExt.activate();
await sarifExt.exports.openLogs([
Uri.file('c:/samples/demo.sarif'),
]);Note: TypeScript typings for Extension<T> are forthcoming.
Using
Install
- Install Visual Studio Code
- Install the Sarif Viewer Extension
- Reload VS Code
Use
- Open a .sarif file
- Results will show up the Problems Panel
- Click the result you're investigating:
- The editor will navigate to the location
- The Sarif Explorer will open with the result details
Known Issues
- Check here for known issues
Feedback
Please post any feedback, suggestions or issues you have on the github repo issues page: https://github.com/Microsoft/sarif-vscode-extension/issues