Type: Suggestion
Resolution: Unresolved
SARIF (https://sarifweb.azurewebsites.net/) is an industry-standard format for the output of static analysis tools. Tools such as ShiftLeft Scan (https://slscan.io/), GitHub Semmle, etc. support this standard. ShiftLeft Scan is a free open-source DevSecOps tool.
With the current design of Insights, an API call to the annotations endpoint is required to submit each finding. A tool such as ShiftLeft Scan, being a multi-scanner, can generate hundreds of security findings per invocation, thus requiring a better integration approach.
Please treat this issue as a request to support and integrate using SARIF in addition to the API. ShiftLeft Scan already works with Bitbucket Pipelines and can produce output in SARIF format, as discussed here.
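The integration gap described above can be bridged today with a small adapter that reads a SARIF log and turns each result into a Code Insights annotation payload, grouped into batches so that a scan with hundreds of findings does not need one request per finding. The following is an added example written for this issue, not code from ShiftLeft Scan or from Bitbucket. It assumes the Code Insights annotation fields `external_id`, `title`, `annotation_type`, `summary`, `severity`, `path` and `line`, a bulk limit of 100 annotations per request, and the level-to-severity mapping shown; the SARIF document is constructed inline, and no network request is made.

```python
"""Convert a SARIF 2.1.0 log into Bitbucket Code Insights annotation batches.

Added example for this issue; field names and the batch limit are assumptions.
"""
import json
from typing import Any, Dict, List

# Constructed SARIF sample: one run with two results, one of which has a rule entry.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {
            "name": "example-scanner",
            "rules": [{"id": "B602",
                       "shortDescription": {"text": "subprocess call with shell=True"}}],
        }},
        "results": [
            {"ruleId": "B602", "level": "error",
             "message": {"text": "shell=True with user-controlled input"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/run.py"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "B101", "level": "note",
             "message": {"text": "assert statement used outside tests"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/util.py"},
                 "region": {"startLine": 7}}}]},
        ],
    }],
})

# Assumed mapping from SARIF result levels to Code Insights severities.
LEVEL_TO_SEVERITY = {"error": "HIGH", "warning": "MEDIUM", "note": "LOW", "none": "LOW"}
MAX_BATCH = 100  # assumed maximum annotations per bulk request


def sarif_to_annotations(sarif_text: str) -> List[Dict[str, Any]]:
    """Flatten every result in every run into one annotation dict per finding."""
    doc = json.loads(sarif_text)
    annotations: List[Dict[str, Any]] = []
    for run in doc.get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        # Rule metadata gives a human title; fall back to the rule id.
        titles = {r["id"]: r.get("shortDescription", {}).get("text", r["id"])
                  for r in driver.get("rules", [])}
        for idx, result in enumerate(run.get("results", [])):
            rule_id = result.get("ruleId", "unknown")
            ann: Dict[str, Any] = {
                "external_id": f"{driver.get('name', 'sarif')}-{rule_id}-{idx}",
                "title": titles.get(rule_id, rule_id),
                "annotation_type": "VULNERABILITY",
                "summary": result.get("message", {}).get("text", ""),
                "severity": LEVEL_TO_SEVERITY.get(result.get("level", "warning"), "MEDIUM"),
            }
            # Location is optional in SARIF; only attach path/line when present.
            locs = result.get("locations") or []
            if locs:
                phys = locs[0].get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri")
                line = phys.get("region", {}).get("startLine")
                if uri:
                    ann["path"] = uri
                if line is not None:
                    ann["line"] = line
            annotations.append(ann)
    return annotations


def batch(annotations: List[Dict[str, Any]], size: int = MAX_BATCH) -> List[List[Dict[str, Any]]]:
    """Split annotations into chunks no larger than the bulk limit."""
    return [annotations[i:i + size] for i in range(0, len(annotations), size)]


def annotations_url(workspace: str, repo: str, commit: str, report_id: str) -> str:
    """Assumed Bitbucket Cloud Code Insights bulk-annotations endpoint path."""
    return (f"https://api.bitbucket.org/2.0/repositories/{workspace}/{repo}"
            f"/commit/{commit}/reports/{report_id}/annotations")


if __name__ == "__main__":
    anns = sarif_to_annotations(SAMPLE_SARIF)
    for chunk in batch(anns):
        # A real pipeline step would POST each chunk as a JSON array to
        # annotations_url(...); here the payloads are only printed.
        print(json.dumps(chunk, indent=2))
```

Each finding keeps a stable `external_id` derived from scanner, rule and index, so re-running the pipeline on the same commit updates annotations instead of duplicating them, and the batching keeps the number of API calls proportional to findings divided by the bulk limit rather than to the raw finding count.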
Thank you.