BCLOUD-20199

Support SARIF format for code insights


Details


    Description

      SARIF (https://sarifweb.azurewebsites.net/) is an industry-standard format for the output of static analysis tools. Tools such as ShiftLeft Scan (https://slscan.io/), GitHub Semmle, etc. support this standard. ShiftLeft Scan is a free, open-source DevSecOps tool.

      With the current design of insights, an API call to the annotations endpoint is required to submit each finding. A tool such as ShiftLeft Scan, being a multi-scanner, can generate hundreds of security findings per invocation, thus requiring a better integration approach.

      Please treat this issue as a request to support and integrate using SARIF in addition to the API. ShiftLeft Scan already works with Bitbucket Pipelines and can produce output in SARIF format, as discussed here.

      Thank you.
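The request above describes the current situation: Code Insights takes one annotation per finding through its REST API, while a SARIF log from a multi-scanner can hold hundreds of results. The following is an added example of the bridge a pipeline has to write today, not ShiftLeft Scan's or Bitbucket's own code. It flattens a SARIF 2.1.0 log into Code Insights annotation dicts (deduplicated and given stable `external_id`s so re-runs update rather than pile up), then sends them in batches. The severity mapping, the 100-per-request batch size, the 450-character summary cap, the annotation field names and the bulk endpoint path are assumptions about the Code Insights API and are marked as such in the code; the SARIF input is constructed for the example.

```python
"""Added example: SARIF 2.1.0 log -> Bitbucket Code Insights annotations.

Not ShiftLeft Scan's or Bitbucket's code. Field names, endpoint path and
limits are assumptions about the Code Insights REST API, labelled below.
"""
import hashlib
import json
import urllib.request
from typing import Callable, Iterator, List

# SARIF result "level" -> Code Insights severity. Our own mapping; neither spec defines it.
LEVEL_TO_SEVERITY = {"error": "HIGH", "warning": "MEDIUM", "note": "LOW", "none": "LOW"}
BATCH_SIZE = 100    # assumption: the bulk annotations endpoint accepts at most 100 items per call
SUMMARY_MAX = 450   # assumption: Code Insights rejects summaries longer than 450 characters


def _severity(level: str, rule: dict) -> str:
    """Prefer GitHub's 'security-severity' rule property (a CVSS-style score) when present."""
    score = rule.get("properties", {}).get("security-severity")
    if score is not None:
        s = float(score)
        return "CRITICAL" if s >= 9 else "HIGH" if s >= 7 else "MEDIUM" if s >= 4 else "LOW"
    return LEVEL_TO_SEVERITY.get(level, "MEDIUM")


def _external_id(rule_id: str, path: str, line: int) -> str:
    """Deterministic id: a re-run of the scan updates the same annotation instead of duplicating it."""
    digest = hashlib.sha256(f"{rule_id}|{path}|{line}".encode()).hexdigest()[:16]
    return f"sarif-{digest}"


def sarif_to_annotations(sarif: dict) -> List[dict]:
    """Flatten every run/result of a SARIF log into Code Insights annotation dicts."""
    by_id: dict = {}  # dedupe on external_id; multi-scanners often report one site twice
    for run in sarif.get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = {r.get("id"): r for r in driver.get("rules", [])}
        for result in run.get("results", []):
            rule_id = result.get("ruleId", "unknown-rule")
            rule = rules.get(rule_id, {})
            path, line = "", 0
            for loc in result.get("locations", []):  # first location with a file path wins
                phys = loc.get("physicalLocation", {})
                path = phys.get("artifactLocation", {}).get("uri", "")
                line = int(phys.get("region", {}).get("startLine", 0))
                if path:
                    break
            ext_id = _external_id(rule_id, path, line)
            ann = {  # field names are an assumption about the Code Insights annotation schema
                "external_id": ext_id,
                "annotation_type": "VULNERABILITY",
                "severity": _severity(result.get("level", "warning"), rule),
                "title": rule.get("shortDescription", {}).get("text", rule_id),
                "summary": result.get("message", {}).get("text", "")[:SUMMARY_MAX],
                "details": f"{driver.get('name', 'unknown tool')} rule {rule_id}",
                "result": "FAILED",
            }
            if path:  # project-wide findings carry no path/line and show at report level
                ann["path"] = path
                ann["line"] = line
            by_id.setdefault(ext_id, ann)
    return list(by_id.values())


def batches(items: List[dict], size: int = BATCH_SIZE) -> Iterator[List[dict]]:
    for i in range(0, len(items), size):
        yield items[i:i + size]


def submit_annotations(annotations: List[dict], post: Callable[[List[dict]], None]) -> int:
    """Push annotations through `post` one batch at a time; returns the number of calls made."""
    calls = 0
    for chunk in batches(annotations):
        post(chunk)
        calls += 1
    return calls


def bitbucket_poster(workspace: str, repo: str, commit: str, report_id: str,
                     token: str) -> Callable[[List[dict]], None]:
    """Real sender for submit_annotations. Endpoint path is an assumption; not run offline."""
    url = (f"https://api.bitbucket.org/2.0/repositories/{workspace}/{repo}"
           f"/commit/{commit}/reports/{report_id}/annotations")

    def post(chunk: List[dict]) -> None:
        req = urllib.request.Request(
            url, data=json.dumps(chunk).encode(), method="POST",
            headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})
        with urllib.request.urlopen(req) as resp:
            resp.read()
    return post


# Constructed SARIF log: four results, one a duplicate site and one without a location.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner", "rules": [
            {"id": "py/sql-injection", "shortDescription": {"text": "SQL query built from user input"},
             "properties": {"security-severity": "8.8"}},
            {"id": "py/weak-hash", "shortDescription": {"text": "Weak hashing algorithm"}},
        ]}},
        "results": [
            {"ruleId": "py/sql-injection", "level": "error", "message": {"text": "Query uses request.args"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/db.py"},
                                                 "region": {"startLine": 42}}}]},
            {"ruleId": "py/sql-injection", "level": "error", "message": {"text": "Query uses request.args"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/db.py"},
                                                 "region": {"startLine": 42}}}]},
            {"ruleId": "py/weak-hash", "level": "warning", "message": {"text": "md5 used for passwords"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/auth.py"},
                                                 "region": {"startLine": 7}}}]},
            {"ruleId": "cfg/debug-enabled", "level": "note", "message": {"text": "DEBUG=True in settings"}},
        ],
    }],
}

if __name__ == "__main__":
    anns = sarif_to_annotations(SAMPLE_SARIF)
    sent: List[List[dict]] = []
    print(len(anns), "annotations in", submit_annotations(anns, sent.append), "request(s)")
```

In a pipeline step you would load the scanner's SARIF file with `json.load`, create the report first (a separate PUT on the report resource, not shown), then call `submit_annotations(sarif_to_annotations(log), bitbucket_poster(...))`. The deterministic `external_id` is what keeps a re-run from creating a second copy of every finding.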

            People

              Assignee: Unassigned
              Reporter: Prabhu Subramanian
              Votes: 33
              Watchers: 13
