/sarif-rs

A group of Rust projects for interacting with the SARIF format

Primary LanguageRustMIT LicenseMIT

Workflow Status codecov

sarif-rs

A group of Rust projects for interacting with the SARIF format.

Example

Parse cargo clippy output, convert to SARIF (clippy-sarif), then pretty print the SARIF to terminal (sarif-fmt).

$ cargo clippy --message-format=json | clippy-sarif | sarif-fmt
$ warning: using `Option.and_then(|x| Some(y))`, which is more succinctly expressed as `map(|x| y)`
    ┌─ sarif-fmt/src/bin.rs:423:13
    │
423 │ ╭             the_rule
424 │ │               .full_description
425 │ │               .as_ref()
426 │ │               .and_then(|mfms| Some(mfms.text.clone()))
    │ ╰───────────────────────────────────────────────────────^
    │
    = `#[warn(clippy::bind_instead_of_map)]` on by default
      for further information visit https://rust-lang.github.io/rust-clippy/master#bind_instead_of_map

Install

Each CLI may be installed via cargo, cargo-binstall or directly downloaded from the corresponding Github release.

Cargo

cargo install <cli_name> # ex. cargo install sarif-fmt

Cargo-binstall

cargo binstall <cli_name> # ex. cargo binstall sarif-fmt

Github Releases

The latest version is continuously published and tagged.

Using curl,

# make sure to adjust the target and version (you may also want to pin to a specific version)
curl -sSL https://github.com/psastras/sarif-rs/releases/download/shellcheck-sarif-latest/shellcheck-sarif-x86_64-unknown-linux-gnu -o shellcheck-sarif

Documentation

See each subproject for more detailed information:

  • clang-tidy-sarif: CLI tool to convert clang-tidy diagnostics into SARIF. See the Rust documentation.
  • clippy-sarif: CLI tool to convert clippy diagnostics into SARIF. See the Rust documentation.
  • hadolint-sarif: CLI tool to convert hadolint diagnostics into SARIF. See the Rust documentation.
  • shellcheck-sarif: CLI tool to convert shellcheck diagnostics into SARIF. See the Rust documentation.
  • sarif-fmt: CLI tool to pretty print SARIF diagnostics. See the Rust documentation.
  • serde-sarif: Typesafe SARIF structures for serializing and deserializing SARIF information using serde. See the Rust documentation.

Development

Before you begin, ensure the following programs are available on your machine:

Assuming cargo is installed on your machine, the standard cargo commands can be run to build and test all projects in the workspace:

cargo build
cargo test

For more information on specific configurations, refer to the cargo documentation.

nix is used internally (ie. via test fixtures) to manage other dependencies (so you don't have to manage them yourself.)

Releasing

To release a new version (publish to crates.io), prefix the head commit with release: and update the relevant rust crate versions. Once merged into main the pipeline should pick up the change and publish a new version.

TODOs

  • Stabilize the serde-sarif APIs
  • All around documentation improvements
  • Lots of code cleanup, especially in the CLI codebases
  • Testing
  • General CI and release flow improvements
  • Support for other converters

License: MIT