OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

sarif message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: short-term goals for the SARIF TC

Everyone, see below for a proposal for SARIF TC goals/execution in the short-term. We’ll discuss later today.




* Document, publish and maintain current state of SARIF eco-system, including list of direct exporters, SDKs, viewers, aggregators and other relevant support.

* Complete a recruitment effort to acquire new TC representation. Use this effort as an opportunity as well to educate/solicit new SARIF adoption. Primary outreach should include commercial tooling/other industry partners, government departments and government-funded tooling/standards initiatives, and OSS tool owners. Secondary outreach could include OSS/component-governance and dynamic analysis tool providers.

* Initiate a SARIF 2.1.1 design effort. Build a detailed punch-list of errata/smaller design issues in SARIF and set aside to start working through them.

* Propose/implement strategic SARIF initiatives directly supported by the TC. These currently include:

  - Author/publish/maintain SARIF-rendered taxonomies

  - Author missing GitHub actions that support SARIF ingestion to GHAS.

* Discuss/agree on substantive next-steps/long-term roadmap for the standard. E.g., metrics? results management? dynamic analysis, etc.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]