

Subject: RE: [sarif] RE: [EXTERNAL] Re: [sarif] Draft IANA registration for media type application/sarif+json


(and thanks to Yekaterina for pointing out the problem)

-----Original Message-----
From: Larry Golding (Myriad Consulting Inc) <v-lgold@microsoft.com> 
Sent: Friday, April 3, 2020 5:05 PM
To: Larry Golding (Myriad Consulting Inc) <v-lgold@microsoft.com>; David Keaton <dmk@dmk.com>; sarif@lists.oasis-open.org
Subject: RE: [sarif] RE: [EXTERNAL] Re: [sarif] Draft IANA registration for media type application/sarif+json

Here you go. "Inspired by" our conformance clauses; not mapped 1:1 with them, but a pretty good sampling of the kinds of uses we'll see:

- Static analysis tools
- Static analysis results visualization tools (viewers)
- Bug filing tools
- Defect databases
- Compliance systems

And yes, still "non-exhaustive".

-----Original Message-----
From: sarif@lists.oasis-open.org <sarif@lists.oasis-open.org> On Behalf Of Larry Golding (Myriad Consulting Inc)
Sent: Friday, April 3, 2020 5:01 PM
To: David Keaton <dmk@dmk.com>; sarif@lists.oasis-open.org
Subject: RE: [sarif] RE: [EXTERNAL] Re: [sarif] Draft IANA registration for media type application/sarif+json

That sounds like a great idea, thanks! (And the sql example does answer my question: the intent of the question is "what kinds of software would use this type", not "what kinds of software are using it now".)

-----Original Message-----
From: sarif@lists.oasis-open.org <sarif@lists.oasis-open.org> On Behalf Of David Keaton
Sent: Friday, April 3, 2020 4:59 PM
To: sarif@lists.oasis-open.org
Subject: Re: [sarif] RE: [EXTERNAL] Re: [sarif] Draft IANA registration for media type application/sarif+json

Larry,

      Maybe we are being too specific.  For example, if you look at the description for application/sql, it just says "Databases and related tools" instead of listing product names.

https://tools.ietf.org/html/rfc6922

      What if we went through the conformance clauses and picked out generic descriptions for tools, such as "static analyzers," "static analysis results visualization tools," etc. (still keeping the list labeled as not exhaustive)?  Does that sound reasonable to you?

					David

On 4/3/20 4:51 PM, Larry Golding (Myriad Consulting Inc) wrote:
> Oh!
> 
> That is a very interesting point. Maybe I was answering the wrong question. I was answering the question "What applications use SARIF files?". I was not answering the question "What applications currently use application/sarif+json to designate SARIF files?"
> 
> Because the answer to _that_ question is "None"
> 
> David, what should I be doing here?
> 
> -----Original Message-----
> From: Yekaterina O'Neil <katrina@microfocus.com>
> Sent: Friday, April 3, 2020 4:49 PM
> To: Larry Golding (Myriad Consulting Inc) <v-lgold@microsoft.com>; 
> James Kupsch <kupsch@cs.wisc.edu>; sarif@lists.oasis-open.org
> Subject: RE: [EXTERNAL] Re: [sarif] Draft IANA registration for media 
> type application/sarif+json
> 
> I am not sure :)
> I was just referring to the document you sent where it says:
> 
> " Applications that use this media type: The following list is not exhaustive:
> 
> - CodeHawk-C
> - Fortify
> ...
> "
> 
> k
> 
> -----Original Message-----
> From: Larry Golding (Myriad Consulting Inc) 
> [mailto:v-lgold@microsoft.com]
> Sent: Friday, April 03, 2020 4:46 PM
> To: Yekaterina O'Neil <katrina@microfocus.com>; James Kupsch 
> <kupsch@cs.wisc.edu>; sarif@lists.oasis-open.org
> Subject: RE: [EXTERNAL] Re: [sarif] Draft IANA registration for media 
> type application/sarif+json
> 
> It is absolutely not a problem that you're not already using media type application/sarif+json for SARIF files.
> 
> Just curious, in what context do you even have occasion to specify a media type? And are you currently using something else in that context, like application/json?
> 
> -----Original Message-----
> From: Yekaterina O'Neil <katrina@microfocus.com>
> Sent: Friday, April 3, 2020 4:43 PM
> To: Larry Golding (Myriad Consulting Inc) <v-lgold@microsoft.com>; 
> James Kupsch <kupsch@cs.wisc.edu>; sarif@lists.oasis-open.org
> Subject: RE: [EXTERNAL] Re: [sarif] Draft IANA registration for media 
> type application/sarif+json
> 
> The first: that we are not already using it k
> 
> -----Original Message-----
> From: sarif@lists.oasis-open.org [mailto:sarif@lists.oasis-open.org]
> On Behalf Of Larry Golding (Myriad Consulting Inc)
> Sent: Friday, April 03, 2020 4:42 PM
> To: Yekaterina O'Neil <katrina@microfocus.com>; James Kupsch 
> <kupsch@cs.wisc.edu>; sarif@lists.oasis-open.org
> Subject: [sarif] RE: [EXTERNAL] Re: [sarif] Draft IANA registration 
> for media type application/sarif+json
> 
> Sorry Yekaterina, are you asking if it's a problem that you might _not_ already be using it? Or that you _are_ already using it? Or that you've already _registered_ it? Or something else entirely? I think I'm missing some context here.
> 
> -----Original Message-----
> From: Yekaterina O'Neil <katrina@microfocus.com>
> Sent: Friday, April 3, 2020 4:40 PM
> To: Larry Golding (Myriad Consulting Inc) <v-lgold@microsoft.com>; 
> James Kupsch <kupsch@cs.wisc.edu>; sarif@lists.oasis-open.org
> Subject: RE: [EXTERNAL] Re: [sarif] Draft IANA registration for media 
> type application/sarif+json
> 
> I am not sure we're already using sarif+json media type -- is this an issue?
> k
> 
> -----Original Message-----
> From: sarif@lists.oasis-open.org [mailto:sarif@lists.oasis-open.org]
> On Behalf Of Larry Golding (Myriad Consulting Inc)
> Sent: Friday, April 03, 2020 12:53 PM
> To: James Kupsch <kupsch@cs.wisc.edu>; sarif@lists.oasis-open.org
> Subject: [sarif] RE: [EXTERNAL] Re: [sarif] Draft IANA registration 
> for media type application/sarif+json
> 
> Thanks, Jim, that's very helpful. Here's an update.
> 
> The next step (optional, but "strongly encouraged" by RFC 6838 §5.1) is to solicit "community review" by sending our draft to media-type@iana.org. After that we can submit our "Application for Media Type" using the online form at https://www.iana.org/form/media-types.
> 
> I'll wait until Monday afternoon to give everybody else a chance to comment.
> 
> Thanks,
> Larry
>   
> 
> -----Original Message-----
> From: sarif@lists.oasis-open.org <sarif@lists.oasis-open.org> On 
> Behalf Of James Kupsch
> Sent: Friday, April 3, 2020 12:41 PM
> To: sarif@lists.oasis-open.org
> Subject: [EXTERNAL] Re: [sarif] Draft IANA registration for media type 
> application/sarif+json
> 
> Larry,
> 
> Two comments on other fields and other answers below.  The other fields look good to me.
> 
> Thanks,
> Jim
> 
> --------
> For the contact for further information field, should the OASIS SARIF mailing list be included in addition (or in place of)?  I don't know if this is used for completing the registration process or for long-term contact information.  For the long term, an OASIS email might be good to have, as it might exist after you and Michael retire.
> 
> --------
> For the Intended Usage field, something could be added to the free-form field, such as:
> 
> Intended to be used by the software development community as a common interchange format for the results of static analysis tools.
> 
> 
> 
> On 4/3/20 1:05 PM, Larry Golding (Myriad Consulting Inc) wrote:
>> Please take a look and give feedback.
>>
>>    * I don't know what to put for "interoperability consideration".
> 
> I would say "None".  Based on the examples in RFC 6838, I do not think that there are any known interoperability issues, nor can I think of any.
> 
>>
>>    * I don't know what to put for "restrictions on usage".
> 
> I would say "None" based on RFC 6838.
> 
>>
>>    * The list of "applications that use this media type" isn't intended
>>      to be exhaustive, but if you want to add something (especially I
>>      think Jim will want to add some SWAMP tools) just let me know.
> 
> I think that you can just add
> 
> SWAMP (Software Assurance Marketplace, http://www.continuousassurance.org/)
> 
> The SWAMP can produce SARIF output from all the tools available in the SWAMP (still waiting for a bit of UI work to make it publicly available).
> 
>>
>>    * Also if I've misnamed any of the tools please let me know.
>>      CodeHawk-C was formerly KT-Advance.
>>
>>    * Let me know if you want to provide something for "Any other
>>      information" at the bottom.
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe from this mail list, you must leave the OASIS TC that 
>> generates this mail.  Follow this link to all your TCs in OASIS at:
>> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>>
> 