Details
Type: Suggestion
Resolution: Unresolved
Description
SARIF (https://sarifweb.azurewebsites.net/) is an industry-standard format for the output of static analysis tools. Tools such as ShiftLeft Scan (https://slscan.io/), GitHub Semmle, etc. support this standard. ShiftLeft Scan is a free, open-source DevSecOps tool.
With the current design of Insights, an API call to the annotations endpoint is required to submit each finding. A tool such as ShiftLeft Scan, being a multi-scanner, can generate hundreds of security findings per invocation, thus requiring a better integration approach.
Please treat this issue as a request to support and integrate using SARIF in addition to the API. ShiftLeft Scan already works with Bitbucket Pipelines and can produce output in SARIF format, as discussed here.
Thank you.
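To make the integration gap concrete, here is an added example (written for this page, not code from ShiftLeft Scan, Bitbucket or this issue's reporter) that reads a SARIF 2.1.0 log, flattens each result into a Code Insights annotation object, and groups the annotations into fixed-size batches for bulk submission. The SARIF input is a constructed sample, the `SEVERITY` mapping is a choice made here rather than anything either spec mandates, and the annotation field names, the 450-character summary limit and the 100-per-request batch size are assumptions about Bitbucket's annotations endpoint that should be checked against the API documentation before use.

```python
import json

# Constructed sample SARIF 2.1.0 log with three findings; not real scanner output.
# The third result deliberately omits "level" and "locations" to exercise the defaults.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner"}},
        "results": [
            {"ruleId": "hardcoded-secret", "level": "error",
             "message": {"text": "Possible hardcoded credential"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/settings.py"},
                 "region": {"startLine": 12}}}]},
            {"ruleId": "sql-injection", "level": "warning",
             "message": {"text": "SQL query built by string concatenation"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/db.py"},
                 "region": {"startLine": 40}}}]},
            {"ruleId": "todo-comment",
             "message": {"text": "Finding with neither a level nor a location"}},
        ],
    }],
}

# SARIF result level -> Code Insights severity. Mapping chosen here; neither
# SARIF nor Bitbucket prescribes it. SARIF treats a missing level as "warning".
SEVERITY = {"error": "HIGH", "warning": "MEDIUM", "note": "LOW", "none": "LOW"}
SUMMARY_LIMIT = 450   # assumed Bitbucket limit on an annotation summary
BATCH_SIZE = 100      # assumed maximum annotations per bulk request


def sarif_to_annotations(sarif: dict) -> list[dict]:
    """Flatten every result in every run into one annotation dict.

    Field names (external_id, annotation_type, severity, summary, path, line)
    are assumed to follow Bitbucket Cloud's Code Insights annotation schema.
    """
    annotations = []
    for run_idx, run in enumerate(sarif.get("runs", [])):
        tool = run.get("tool", {}).get("driver", {}).get("name", "unknown-tool")
        for res_idx, result in enumerate(run.get("results", [])):
            level = result.get("level", "warning")
            rule = result.get("ruleId", "unknown-rule")
            text = result.get("message", {}).get("text", "")
            summary = f"{rule}: {text}"[:SUMMARY_LIMIT]
            ann = {
                # Must be unique within the report so re-submission updates
                # rather than duplicates the annotation.
                "external_id": f"{tool}-{run_idx}-{res_idx}",
                "annotation_type": "VULNERABILITY",
                "severity": SEVERITY.get(level, "MEDIUM"),
                "summary": summary,
            }
            # Only the first physical location is used; SARIF allows several.
            locations = result.get("locations") or []
            phys = locations[0].get("physicalLocation", {}) if locations else {}
            path = phys.get("artifactLocation", {}).get("uri")
            line = phys.get("region", {}).get("startLine")
            if path:
                ann["path"] = path
            if line:
                ann["line"] = line
            annotations.append(ann)
    return annotations


def batched(items: list, size: int = BATCH_SIZE) -> list[list]:
    """Split a list into consecutive chunks of at most `size` items."""
    if size < 1:
        raise ValueError("batch size must be positive")
    return [items[i:i + size] for i in range(0, len(items), size)]


def build_bulk_requests(sarif: dict, report_url: str, size: int = BATCH_SIZE) -> list[tuple[str, str]]:
    """Return (url, json_body) pairs, one per bulk POST, instead of N single calls.

    `report_url` is the report resource the annotations belong to; the
    "/annotations" suffix is an assumed bulk endpoint, not taken from the page.
    """
    annotations = sarif_to_annotations(sarif)
    return [(f"{report_url}/annotations", json.dumps(chunk)) for chunk in batched(annotations, size)]


if __name__ == "__main__":
    # Dry run: print the request bodies that would be sent.
    for url, body in build_bulk_requests(SAMPLE_SARIF, "https://example.invalid/reports/scan-1"):
        print(url)
        print(body)
```

With a real SARIF file, replace `SAMPLE_SARIF` with `json.load(open(path))` and hand each `(url, body)` pair to an HTTP client; a 300-finding scan then becomes three requests instead of 300.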