A group of Rust projects for interacting with the SARIF format.
Parse cargo clippy output, convert to SARIF (clippy-sarif), then pretty print the SARIF to terminal (sarif-fmt).
$ cargo clippy --message-format=json | clippy-sarif | sarif-fmt
$ warning: using `Option.and_then(|x| Some(y))`, which is more succinctly expressed as `map(|x| y)`
┌─ sarif-fmt/src/bin.rs:423:13
│
423 │ ╭ the_rule
424 │ │ .full_description
425 │ │ .as_ref()
426 │ │ .and_then(|mfms| Some(mfms.text.clone()))
│ ╰───────────────────────────────────────────────────────^
│
= `#[warn(clippy::bind_instead_of_map)]` on by default
for further information visit https://rust-lang.github.io/rust-clippy/master#bind_instead_of_map
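The following Python example is added here and is not the code of clippy-sarif; it shows how one cargo diagnostic record maps onto a minimal SARIF 2.1.0 result, which is the kind of conversion the middle stage of the pipeline performs. The function name to_sarif, the sample records and the level mapping are assumptions of the example.

```python
import json

# Constructed sample: two records shaped like `cargo clippy --message-format=json`
# output, trimmed to the fields used below (column_end is a made-up value).
SAMPLE = "\n".join(json.dumps(r) for r in [
    {"reason": "compiler-message", "message": {
        "message": "using `Option.and_then(|x| Some(y))`, which is more "
                   "succinctly expressed as `map(|x| y)`",
        "level": "warning",
        "code": {"code": "clippy::bind_instead_of_map"},
        "spans": [{"file_name": "sarif-fmt/src/bin.rs", "is_primary": True,
                   "line_start": 423, "line_end": 426,
                   "column_start": 13, "column_end": 58}]}},
    {"reason": "build-finished", "success": True},
])

# SARIF result levels are none/note/warning/error. Folding every other
# rustc level (such as "help") into "note" is this example's choice.
LEVELS = {"error": "error", "warning": "warning", "note": "note"}

def to_sarif(cargo_json_lines):
    """Map cargo JSON diagnostics to a minimal SARIF 2.1.0 log (dict)."""
    results = []
    for line in cargo_json_lines.splitlines():
        if not line.strip():
            continue
        record = json.loads(line)
        if record.get("reason") != "compiler-message":
            continue  # artifact and build-finished records carry no diagnostic
        msg = record["message"]
        result = {
            "level": LEVELS.get(msg.get("level"), "note"),
            "message": {"text": msg["message"]},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": s["file_name"]},
                "region": {"startLine": s["line_start"], "startColumn": s["column_start"],
                           "endLine": s["line_end"], "endColumn": s["column_end"]},
            }} for s in msg.get("spans", []) if s.get("is_primary")],
        }
        if msg.get("code"):  # lints carry a code; plain notes may not
            result["ruleId"] = msg["code"]["code"]
        results.append(result)
    return {"version": "2.1.0",
            "runs": [{"tool": {"driver": {"name": "clippy"}}, "results": results}]}

if __name__ == "__main__":
    print(json.dumps(to_sarif(SAMPLE), indent=2))
```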
Each CLI may be installed via cargo, cargo-binstall or directly downloaded from the corresponding GitHub release.
cargo install <cli_name> # ex. cargo install sarif-fmt
cargo binstall <cli_name> # ex. cargo binstall sarif-fmt
The latest version is continuously published and tagged.
Using curl,
# make sure to adjust the target and version (you may also want to pin to a specific version)
curl -sSL https://github.com/psastras/sarif-rs/releases/download/shellcheck-sarif-latest/shellcheck-sarif-x86_64-unknown-linux-gnu -o shellcheck-sarif
See each subproject for more detailed information:
- clang-tidy-sarif: CLI tool to convert clang-tidy diagnostics into SARIF. See the Rust documentation.
- clippy-sarif: CLI tool to convert clippy diagnostics into SARIF. See the Rust documentation.
- hadolint-sarif: CLI tool to convert hadolint diagnostics into SARIF. See the Rust documentation.
- shellcheck-sarif: CLI tool to convert shellcheck diagnostics into SARIF. See the Rust documentation.
- sarif-fmt: CLI tool to pretty print SARIF diagnostics. See the Rust documentation.
- serde-sarif: Typesafe SARIF structures for serializing and deserializing SARIF information using serde. See the Rust documentation.
Before you begin, ensure the following programs are available on your machine:
Assuming cargo is installed on your machine, the standard cargo commands can be run to build and test all projects in the workspace:
cargo build
cargo test
For more information on specific configurations, refer to the cargo documentation.
nix is used internally (i.e. via test fixtures) to manage other dependencies (so you don't have to manage them yourself).
To release a new version (publish to crates.io), prefix the head commit with release: and update the relevant Rust crate versions. Once merged into main, the pipeline should pick up the change and publish a new version.
- Stabilize the serde-sarif APIs
- All around documentation improvements
- Lots of code cleanup, especially in the CLI codebases
- Testing
- General CI and release flow improvements
- Support for other converters
License: MIT