I propose to introduce a new conformance profile, “producer”, to capture the requirements that are common to both direct producers and converters. For details, please see Issue #104.
The change draft is:
ChangeDrafts/Active/sarif-v2.0-issue-104-producer-profile.docx
Most of you probably won’t care about this. For those of you who do, please go through this change carefully. I took the opportunity to make a few editorial changes, for example:
- I now always write “SARIF producer” or “SARIF consumer” rather than just “producer” or “consumer”, because IMO it makes the normative requirements easier to spot.
Exception: If I have occasion to write “producer” several times in the same paragraph, I write out “SARIF producer” only the first time.
- I rephrased “the tool that produces the SARIF log file” to “the SARIF producer” in several places. It’s shorter, and it makes it easier to spot the normative requirements.
- In several places, I changed “static analysis tools” to “analysis tools” because ultimately I believe this spec will support dynamic analysis tools, and I don’t think there’s any reason to gratuitously use language which limits its applicability.
- I changed certain requirements from passive voice to active voice, making it clear that they are normative requirements on SARIF producers, rather than on the log file format. For example, I changed this:
In a log file produced by a converter, the semanticVersion property SHALL be absent.
… to this:
A converter SHALL NOT emit the semanticVersion property.
Thanks,
Larry