Bitbucket Cloud / BCLOUD-20199

Support SARIF format for code insights



SARIF (https://sarifweb.azurewebsites.net/) is an industry-standard format for the output of static analysis tools. Tools such as ShiftLeft Scan (https://slscan.io/) and GitHub Semmle support this standard. ShiftLeft Scan is a free, open-source DevSecOps tool.

With the current design of Code Insights, a separate API call to the annotations endpoint is required to submit each finding. A tool such as ShiftLeft Scan, being a multi-scanner, can generate hundreds of security findings per invocation, which calls for a better integration approach.

Please treat this issue as a request to support and integrate using SARIF in addition to the API. ShiftLeft Scan already works with Bitbucket Pipelines and can produce output in SARIF format, as discussed here.

      Thank you.
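As an added illustration of the conversion this request asks Bitbucket to perform (example code written for this page, not from the issue, ShiftLeft Scan or Bitbucket), the snippet below flattens a constructed SARIF 2.1.0 report into per-finding annotation dicts and groups them into batches. The SARIF structure (runs, results, physicalLocation) follows the SARIF spec; the annotation field names, the level-to-severity mapping and the batch size are assumptions.

```python
import json

# Constructed SARIF 2.1.0 document standing in for a scanner report (sample input, not real output).
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{"tool": {"driver": {"name": "example-scanner"}}, "results": [
        {"ruleId": "sql-injection", "level": "error",
         "message": {"text": "Unsanitized input reaches a SQL query"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/db.py"},
                                             "region": {"startLine": 42}}}]},
        {"ruleId": "weak-hash", "level": "warning",
         "message": {"text": "MD5 used for password hashing"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/auth.py"},
                                             "region": {"startLine": 7}}}]},
        {"ruleId": "info-only", "level": "note",
         "message": {"text": "Result without a physical location"}},
    ]}],
})

# SARIF result levels mapped onto an annotation severity scale (assumed mapping).
LEVEL_TO_SEVERITY = {"error": "HIGH", "warning": "MEDIUM", "note": "LOW", "none": "LOW"}


def sarif_to_annotations(sarif_text):
    """Flatten every SARIF result across all runs into one annotation dict each.
    Field names (external_id, annotation_type, severity, summary, path, line) are the
    assumed Code Insights shape; results with no physicalLocation are kept file-less."""
    doc = json.loads(sarif_text)
    annotations = []
    for run in doc.get("runs", []):
        for idx, result in enumerate(run.get("results", [])):
            ann = {
                "external_id": f"{result.get('ruleId', 'unknown')}-{idx}",
                "annotation_type": "VULNERABILITY",
                "severity": LEVEL_TO_SEVERITY.get(result.get("level", "warning"), "MEDIUM"),
                "summary": result.get("message", {}).get("text") or result.get("ruleId", ""),
            }
            locs = result.get("locations") or []
            phys = locs[0].get("physicalLocation", {}) if locs else {}
            if "artifactLocation" in phys:
                ann["path"] = phys["artifactLocation"].get("uri")
                ann["line"] = phys.get("region", {}).get("startLine")
            annotations.append(ann)
    return annotations


def batches(items, size):
    """Group annotations so hundreds of findings need one request per batch rather
    than one per finding (the batch size a receiving endpoint accepts is assumed)."""
    return [items[i:i + size] for i in range(0, len(items), size)]
```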

Assignee: Unassigned
Reporter: Prabhu Subramanian
Votes: 34
Watchers: 15