Subject: SARIF writer and SWAMP SCARF to SARIF converter
Hi,

For use in the SWAMP (https://www.continuousassurance.com), we created an open source Perl library to produce SARIF (https://github.com/mirswamp/swamp-sarif-io). It provides a streaming interface based on the streaming library used to write a SCARF (SWAMP Common Assessment Result Format) formatted file. Although it was written for use by the SWAMP, it is not specific to the SWAMP.

We used this library to produce a converter (https://github.com/mirswamp/swamp-scarf-sarif) from SCARF to SARIF. Currently the converter produces valid SARIF files from assessment results of 35 of the tools supported in the SWAMP, and contains all the data from SCARF and some data from other artifacts produced during assessments in the SWAMP.

We will soon make available SARIF files containing assessment results from many package and tool combinations produced by the converter. We will also continue to enhance the library with additional functionality to support more of SARIF, starting with additional data that we can extract from the SWAMP artifacts and raw tool output.

Any comments or suggestions are welcome.

Jim