[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [sarif] RE: [EXTERNAL] Re: [sarif] Draft IANA registration for media type application/sarif+json
Fixed ð -----Original Message----- From: sarif@lists.oasis-open.org <sarif@lists.oasis-open.org> On Behalf Of David Keaton Sent: Friday, April 3, 2020 5:17 PM To: sarif@lists.oasis-open.org Subject: Re: [sarif] RE: [EXTERNAL] Re: [sarif] Draft IANA registration for media type application/sarif+json Looking at the draft registration as a whole, the rest looks good to me too (although the last line probably needs a newline at the end). David On 4/3/20 5:06 PM, David Keaton wrote: >  That list looks good to me! > >  David > > On 4/3/20 5:05 PM, Larry Golding (Myriad Consulting Inc) wrote: >> Here you go. "Inspired by" our conformance clauses; not mapped 1:1 >> with them, but a pretty good sampling of the kinds of uses we'll see: >> >> - Static analysis tools >> - Static analysis results visualization tools (viewers) >> - Bug filing tools >> - Defect databases >> - Compliance systems >> >> And yes, still "non-exhaustive". >> >> -----Original Message----- >> From: sarif@lists.oasis-open.org <sarif@lists.oasis-open.org> On >> Behalf Of Larry Golding (Myriad Consulting Inc) >> Sent: Friday, April 3, 2020 5:01 PM >> To: David Keaton <dmk@dmk.com>; sarif@lists.oasis-open.org >> Subject: RE: [sarif] RE: [EXTERNAL] Re: [sarif] Draft IANA >> registration for media type application/sarif+json >> >> That sounds like a great idea, thanks! (And the sql example does >> answer my question: the intent of the question is "what kinds of >> software would use this type", not "what kinds of software are using >> it now".) >> >> -----Original Message----- >> From: sarif@lists.oasis-open.org <sarif@lists.oasis-open.org> On >> Behalf Of David Keaton >> Sent: Friday, April 3, 2020 4:59 PM >> To: sarif@lists.oasis-open.org >> Subject: Re: [sarif] RE: [EXTERNAL] Re: [sarif] Draft IANA >> registration for media type application/sarif+json >> >> Larry, >> >>  Maybe we are being too specific. For example, if you look at >> the description for application/sql, it just says "Databases and >> related tools" instead of listing product names. >> >> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftoo >> ls.ietf.org%2Fhtml%2Frfc6922&data=02%7C01%7Cv-lgold%40microsoft.c >> om%7C168a1bec792d4fb36c0d08d7d82d814f%7C72f988bf86f141af91ab2d7cd011d >> b47%7C1%7C0%7C637215562266012765&sdata=x4ZcMPhpW3Ha4qNKZP4el%2FHo >> VEwSQJQUxoofAncN9Bg%3D&reserved=0 >> >> >>  What if we went through the conformance clauses and picked out >> generic descriptions for tools, such as "static analyzers," "static >> analysis results visualization tools," etc. (still keeping the list >> labeled as not exhaustive)? Does that sound reasonable to you? >> >>  David >> >> On 4/3/20 4:51 PM, Larry Golding (Myriad Consulting Inc) wrote: >>> Oh! >>> >>> That is a very interesting point. Maybe I was answering the wrong >>> question. I was answering the question "What applications use SARIF >>> files?". I was not answering the question "What applications >>> currently use application/sarif+json" to designate SARIF files?" >>> >>> Because the answer to _that_ question is "None" ð >>> >>> David, what should I be doing here? >>> >>> -----Original Message----- >>> From: Yekaterina O'Neil <katrina@microfocus.com> >>> Sent: Friday, April 3, 2020 4:49 PM >>> To: Larry Golding (Myriad Consulting Inc) <v-lgold@microsoft.com>; >>> James Kupsch <kupsch@cs.wisc.edu>; sarif@lists.oasis-open.org >>> Subject: RE: [EXTERNAL] Re: [sarif] Draft IANA registration for >>> media type application/sarif+json >>> >>> I am not sure :) >>> I was just referring to the document you sent where it says: >>> >>> " Applications that use this media type: The following list is not >>> exhaustive: >>> >>> - CodeHawk-C >>> - Fortify >>> ... >>> " >>> >>> k >>> >>> -----Original Message----- >>> From: Larry Golding (Myriad Consulting Inc) >>> [mailto:v-lgold@microsoft.com] >>> Sent: Friday, April 03, 2020 4:46 PM >>> To: Yekaterina O'Neil <katrina@microfocus.com>; James Kupsch >>> <kupsch@cs.wisc.edu>; sarif@lists.oasis-open.org >>> Subject: RE: [EXTERNAL] Re: [sarif] Draft IANA registration for >>> media type application/sarif+json >>> >>> It is absolutely not a problem that you're not already using media >>> type application/sarif+json for SARIF files. >>> >>> Just curious, in what context do you even have occasion to specify a >>> media type? And are you currently using something else in that >>> context, like application/json? >>> >>> -----Original Message----- >>> From: Yekaterina O'Neil <katrina@microfocus.com> >>> Sent: Friday, April 3, 2020 4:43 PM >>> To: Larry Golding (Myriad Consulting Inc) <v-lgold@microsoft.com>; >>> James Kupsch <kupsch@cs.wisc.edu>; sarif@lists.oasis-open.org >>> Subject: RE: [EXTERNAL] Re: [sarif] Draft IANA registration for >>> media type application/sarif+json >>> >>> The first: that we are not already using it k >>> >>> -----Original Message----- >>> From: sarif@lists.oasis-open.org [mailto:sarif@lists.oasis-open.org] >>> On Behalf Of Larry Golding (Myriad Consulting Inc) >>> Sent: Friday, April 03, 2020 4:42 PM >>> To: Yekaterina O'Neil <katrina@microfocus.com>; James Kupsch >>> <kupsch@cs.wisc.edu>; sarif@lists.oasis-open.org >>> Subject: [sarif] RE: [EXTERNAL] Re: [sarif] Draft IANA registration >>> for media type application/sarif+json >>> >>> Sorry Ykaterina, are you asking if it's a problem that you might >>> _not_ already be using it? Or that you _are_ already using it? Or >>> that you've already _registered_ it? Or something else entirely? ð >>> I think I'm missing some context here. >>> >>> -----Original Message----- >>> From: Yekaterina O'Neil <katrina@microfocus.com> >>> Sent: Friday, April 3, 2020 4:40 PM >>> To: Larry Golding (Myriad Consulting Inc) <v-lgold@microsoft.com>; >>> James Kupsch <kupsch@cs.wisc.edu>; sarif@lists.oasis-open.org >>> Subject: RE: [EXTERNAL] Re: [sarif] Draft IANA registration for >>> media type application/sarif+json >>> >>> I am not sure we're already using sarif+json media type -- is this >>> an issue? >>> k >>> >>> -----Original Message----- >>> From: sarif@lists.oasis-open.org [mailto:sarif@lists.oasis-open.org] >>> On Behalf Of Larry Golding (Myriad Consulting Inc) >>> Sent: Friday, April 03, 2020 12:53 PM >>> To: James Kupsch <kupsch@cs.wisc.edu>; sarif@lists.oasis-open.org >>> Subject: [sarif] RE: [EXTERNAL] Re: [sarif] Draft IANA registration >>> for media type application/sarif+json >>> >>> Thanks, Jim, that's very helpful. Here's an update. >>> >>> The next step (optional, but "strongly encouraged" by RFC 6838 Â5.1) >>> is to solicit "community review" by sending our draft to >>> media-type@iana.org. After that we can submit our "Application for >>> Media Type" using the online form at >>> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.iana.org%2Fform%2Fmedia-types&data=02%7C01%7Cv-lgold%40microsoft.com%7C168a1bec792d4fb36c0d08d7d82d814f%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637215562266012765&sdata=6kIe306IbiRo3jSfWnZX3Nm%2FDw7bBxA6O6ERxEZ%2BWTg%3D&reserved=0. >>> >>> >>> I'll wait until Monday afternoon to give everybody else a chance to >>> comment. >>> >>> Thanks, >>> Larry >>> >>> -----Original Message----- >>> From: sarif@lists.oasis-open.org <sarif@lists.oasis-open.org> On >>> Behalf Of James Kupsch >>> Sent: Friday, April 3, 2020 12:41 PM >>> To: sarif@lists.oasis-open.org >>> Subject: [EXTERNAL] Re: [sarif] Draft IANA registration for media >>> type application/sarif+json >>> >>> Larry, >>> >>> Two comments on other fields and other answers below. The other >>> field look good to me. >>> >>> Thanks, >>> Jim >>> >>> -------- >>> For the contact for further information field should the OASIS SARIF >>> mailing list be included in addition (or place of)? I don't know if >>> this is used for completing registration process or for long term >>> contact information. For long term, an OASIS email might good to >>> have as it might exist after you Michael retire. >>> >>> -------- >>> For the Intended Usage field something be added to the free form >>> field such as: >>> >>> Intended to be used by the software development community as a >>> common interchange format for the results of static analysis tools. >>> >>> >>> >>> On 4/3/20 1:05 PM, Larry Golding (Myriad Consulting Inc) wrote: >>>> Please take a look and give feedback. >>>> >>>>  * I don't know what to put for "interoperability consideration". >>> >>> I would say "None". Based on the examples in RFC 6838, I do not >>> think that there are any known interoperability issues, nor can I >>> think of any. >>> >>>> >>>>  * I don't know what to put for "restrictions on usage". >>> >>> I would say "None" base on RFC 6838. >>> >>>> >>>>  * The list of "applications that use this media type" isn't >>>> intended >>>>  to be exhaustive, but if you want to add something >>>> (especially I >>>>  think Jim will want to add some SWAMP tools) just let me know. >>> >>> I think that you can just add >>> >>> SWAMP (Software Assurance Marketplace, >>> https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww >>> .c >>> ontinuousassurance.org%2F&data=02%7C01%7Cv-lgold%40microsoft.com >>> %7 >>> C2887154126f74d2d054108d7d82af939%7C72f988bf86f141af91ab2d7cd011db47 >>> %7 >>> C1%7C0%7C637215551394693816&sdata=Tq75qcBj%2FSXe%2F1CXtSG8wzizbO >>> sM >>> qNmONl14W0kKUBY%3D&reserved=0) >>> >>> The SWAMP can produce SARIF output from all the tools in available >>> in the SWAMP (still waiting for a bit of UI work to make it publicly >>> available). >>> >>>> >>>>  * Also if I've misnamed any of the tools please let me know. >>>>  CodeHawk-C was formerly KT-Advance. >>>> >>>>  * Let me know if you want to provide something for "Any other >>>>  information" at the bottom. >>>> >>>> >>>> >>>> ------------------------------------------------------------------- >>>> -- To unsubscribe from this mail list, you must leave the OASIS TC >>>> that generates this mail. Follow this link to all your TCs in >>>> OASIS at: >>>> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww. >>>> oasis-open.org%2Fapps%2Forg%2Fworkgroup%2Fportal%2Fmy_workgroups.ph >>>> p& >>>> a >>>> mp;data=02%7C01%7Cv-lgold%40microsoft.com%7C48cfaf71b8484b5d42cd08d >>>> 7d >>>> 8 >>>> 06e646%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637215396456115 >>>> 86 >>>> 3 >>>> &sdata=j7lt0taDwCcA3hGwvYoZ5pZ5qxBnmxNYoe78U5J6p4g%3D&reser >>>> ve >>>> d >>>> =0 >>>> >>> >>> -------------------------------------------------------------------- >>> - To unsubscribe from this mail list, you must leave the OASIS TC >>> that generates this mail. Follow this link to all your TCs in OASIS >>> at: >>> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww. >>> oasis-open.org%2Fapps%2Forg%2Fworkgroup%2Fportal%2Fmy_workgroups.php >>> &a >>> mp;data=02%7C01%7Cv-lgold%40microsoft.com%7C2887154126f74d2d054108d7 >>> d8 >>> 2af939%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6372155513946938 >>> 16 >>> &sdata=hJGdyr8vKzRBRKVgYM%2B8ifMrzDh1YUQnAHupSGt78PI%3D&rese >>> rv >>> ed=0 >>> >> >> >> --------------------------------------------------------------------- >> To unsubscribe from this mail list, you must leave the OASIS TC that >> generates this mail. Follow this link to all your TCs in OASIS at: >> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww >> .oasis-open.org%2Fapps%2Forg%2Fworkgroup%2Fportal%2Fmy_workgroups.php >> &data=02%7C01%7Cv-lgold%40microsoft.com%7C168a1bec792d4fb36c0d08d >> 7d82d814f%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63721556226602 >> 2756&sdata=00Hs5mObi2XVtBmeDCr2XC4x%2FNmfEVf75gmi2RZOsWQ%3D&r >> eserved=0 >> >> > > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. Follow this link to all your TCs in OASIS at: > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww. > oasis-open.org%2Fapps%2Forg%2Fworkgroup%2Fportal%2Fmy_workgroups.php&a > mp;data=02%7C01%7Cv-lgold%40microsoft.com%7C168a1bec792d4fb36c0d08d7d8 > 2d814f%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637215562266022756 > &sdata=00Hs5mObi2XVtBmeDCr2XC4x%2FNmfEVf75gmi2RZOsWQ%3D&reserv > ed=0 --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.oasis-open.org%2Fapps%2Forg%2Fworkgroup%2Fportal%2Fmy_workgroups.php&data=02%7C01%7Cv-lgold%40microsoft.com%7C168a1bec792d4fb36c0d08d7d82d814f%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637215562266022756&sdata=00Hs5mObi2XVtBmeDCr2XC4x%2FNmfEVf75gmi2RZOsWQ%3D&reserved=0
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]