| << Back to previous view |
|
[QB-3186] Add support for SARIF format reports created by Roslyn Analyzers
|
|
| Status: | Open |
| Project: | QuickBuild |
| Component/s: | None |
| Affects Version/s: | 8.0.5 |
| Fix Version/s: | None |
| Type: | New Feature | Priority: | Major |
| Reporter: | Scott Hunter | Assigned To: | Steve Luo |
| Resolution: | Unresolved | Votes: | 0 |
| Remaining Estimate: | Unknown | Time Spent: | Unknown |
| Original Estimate: | Unknown | ||
| Description |
|
Roslyn Analyzers are the replacement for FxCop code analysis. Output from these analyzers is produced in a JSON format called SARIF. These reports should be able to be published as a report similar to the existing FxCop report.
Here the Roslyn team describes how reports are produced: https://github.com/dotnet/roslyn/issues/430 Here is the SARIF spec: https://github.com/sarif-standard/sarif-spec |
| Comments |
| Comment by Steve Luo [ 29/Jan/19 04:20 AM ] |
|
Hi,
Would you please attach some sample reports here or you can also send the reports to me (steve at pmease) by email? |
| Comment by Scott Hunter [ 29/Jan/19 08:31 PM ] |
|
I don't have any samples myself, but you may be able to find sample files on GitHub. I found these:
https://github.com/laedit/vika/blob/master/src/NVika.Tests/Data/static-analysis.sarif.json and https://github.com/SonarSource/sonar-dotnet/tree/master/sonar-dotnet-shared-library/src/test/resources/SarifParserTest (note I am not associated with these projects, I just found them by searching GitHub) |