Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide prose explaining the use of guids across all occurrences #648

Open
sthagen opened this issue Jul 11, 2024 · 1 comment
Open

Provide prose explaining the use of guids across all occurrences #648

sthagen opened this issue Jul 11, 2024 · 1 comment
Assignees
@sthagen
Labels
2.2.0 impact-documentation-only proposal issue provides a complete proposal to-be-discussed

Comments

@sthagen
Copy link
Contributor

sthagen commented Jul 11, 2024

During the TC meeting 2024-07-11 the discussion made explicit, that the use cases for the diverse guid elements require a clear guidance in the prose.

As example it should be made clear what consequences are expected if for two or more SARIF files targeting the same analysis target, the corresponding guid fields (root object or else):

  • share the same value
  • have different values
@sthagen sthagen self-assigned this Jul 11, 2024
@sthagen sthagen mentioned this issue Jul 11, 2024
Merged
@sthagen
Copy link
Contributor Author

sthagen commented Dec 9, 2024

Proposal to foster consensus on the semantics of guid's as root level member:

The same guid value on the root elements of two or more SARIF files
indicates that the information content MUST be the same.

Hashing of text based formats is ambiguous for duplicate detection as the line
ending conventions differ and impact the hash.

Examples of possible duplication sources are: File copies, stored byte streams

Differing guid values on the root elements of two or more SARIF files
indicate that the files are different.

Examples are reports from different nodes on the same system under test using
identical tools or a retest run.

@sthagen sthagen added the proposal issue provides a complete proposal label Dec 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sthagen sthagen

Labels
2.2.0 impact-documentation-only proposal issue provides a complete proposal to-be-discussed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sthagen