Executors as part of SARIF output
With the transition to v3 we're envisioning to provide multiple executors. Each could have its own specific analysis focus. Thus, it's no longer sufficient to say "Codyze found issues". We rather need to say "Codyze with Executor abc found issues".
We need to:
- [ ] investigate what properties SARIF offers for this use case
- [ ] implement a more detailed description to the tool/driver property in SARIF (cf. https://github.com/Fraunhofer-AISEC/codyze/blob/b4df5f3ea5ddd8ef5f1cc32dcef7b6428d6132ee/codyze-v3/codyze-core/src/main/kotlin/Project.kt#L39)
There is the `extensions` property in the `tool` object, which is used to describe extensions that the tool used during the run. I think that the executors fall into this description.
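
An added example (not Codyze's code and not part of the comments above) of how executors could appear as `tool.extensions` entries in a SARIF 2.1.0 log, and how a consumer resolves each result back to the component that produced it through `rule.toolComponent.index`. The executor names, rule ids and messages are constructed placeholders.

```python
import json

def build_sarif(driver_name, executors, findings):
    """executors: [(name, [rule ids])]; findings: [(executor index, rule id, message)]."""
    extensions = [{"name": name, "rules": [{"id": rid} for rid in rule_ids]}
                  for name, rule_ids in executors]
    results = []
    for ext_index, rule_id, message in findings:
        ext = extensions[ext_index]
        results.append({
            "ruleId": rule_id,
            "message": {"text": message},
            "rule": {
                "id": rule_id,
                # index into the rules array of the referenced component
                "index": [r["id"] for r in ext["rules"]].index(rule_id),
                # index into run.tool.extensions
                "toolComponent": {"name": ext["name"], "index": ext_index},
            },
        })
    return {"version": "2.1.0",
            "runs": [{"tool": {"driver": {"name": driver_name},
                               "extensions": extensions},
                      "results": results}]}

def findings_by_component(sarif):
    """Map each tool component name to the rule ids it reported."""
    out = {}
    for run in sarif["runs"]:
        tool = run["tool"]
        extensions = tool.get("extensions", [])
        for result in run.get("results", []):
            index = result.get("rule", {}).get("toolComponent", {}).get("index", -1)
            if index == -1:
                # No toolComponent reference: the result belongs to the driver.
                component = tool["driver"]["name"]
            elif 0 <= index < len(extensions):
                component = extensions[index]["name"]
            else:
                raise ValueError(f"toolComponent.index {index} out of range")
            out.setdefault(component, []).append(result.get("ruleId"))
    return out

# Constructed sample: two hypothetical executors registered as extensions.
SAMPLE = build_sarif("Codyze",
                     [("ExecutorA", ["A001"]), ("ExecutorB", ["B001", "B002"])],
                     [(1, "B002", "constructed finding"), (0, "A001", "constructed finding")])

if __name__ == "__main__":
    print(json.dumps(SAMPLE, indent=2))
    print(findings_by_component(SAMPLE))
```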