feat(formatters): add sarif formatter #2532
Hey! Thanks for the PR, I'll try to review it soon. I had a peek at it and everything looks right at first glance, but I'd like to have a deeper look later on.
Alright. I will take another look to see if I can figure out how to pass the ruleset to the formatter, as the sarif rules should normally include all rules.
Getting a list of all rules might be a bit tricky due to overrides. Technically you can apply a ruleset that's applicable only to a given set of files that match a provided glob pattern. I haven't read the spec yet, but do we need to provide a set of rules on a per-file or per-project basis? Either way, you could start here
formatOutput function.
If one needs a per-file basis ruleset (with overrides applied), we'd need to expose that ruleset in the core package here https://github.com/stoplightio/spectral/blob/develop/packages/core/src/spectral.ts#L73 and then use
Thanks for the links, I added the ruleset to the response of the The If a rule has an override to restrict it to specific files and gets skipped due to that, I still think that it would be correct to document it as a rule that spectral lint has been run with. Therefore I would include all rules from the resolved ruleset into the sarif report.
LGTM. I'll release it this week
# @stoplight/spectral-formatters [1.3.0](https://github.com/stoplightio/spectral/compare/@stoplight/spectral-formatters-1.2.0...@stoplight/spectral-formatters-1.3.0) (2023-09-14)

### Features

* **formatters:** add sarif formatter ([#2532](#2532)) ([908c308](908c308))

# @stoplight/spectral-cli [6.11.0](https://github.com/stoplightio/spectral/compare/@stoplight/spectral-cli-6.10.1...@stoplight/spectral-cli-6.11.0) (2023-09-15)

### Features

* **cli:** add sarif formatter ([#2532](#2532)) ([959a86a](959a86a))
🎉 This PR is included in version 6.11.0 🎉

The release is available on

Your semantic-release bot 📦🚀
# [1.8.0](https://github.com/stoplightio/spectral/compare/@stoplight/spectral-functions-v1.7.2...@stoplight/spectral-functions-1.8.0) (2024-06-07)

### Bug Fixes

* **cli:** choose proxy agent based on requester protocol ([#2521](#2521)) ([056f2e1](056f2e1))
* **cli:** clarify usage of --format ([#2575](#2575)) ([96eee89](96eee89))
* **core:** dedupe paths containing special characters correctly ([758de21](758de21))
* **core:** invalid then produced by Rule#toJSON ([#2496](#2496)) ([db91553](db91553))
* **core:** more accurate ruleset error paths ([66b3ca7](66b3ca7))
* **core:** pointer in overrides are applied too broadly ([#2511](#2511)) ([69403c1](69403c1))
* **core:** reset path in fn context ([#2389](#2389)) ([3d47ec4](3d47ec4))
* **parsers:** update @stoplight/json from ~3.20.1 to ~3.21.0 ([e906d20](e906d20))
* **parsers:** update @stoplight/yaml from ~4.2.3 to ~4.3.0 ([91fdded](91fdded))
* **ref-resolver:** bump @stoplight/json-ref-resolver from ~3.1.4 to ~3.1.5 ([#3635](https://github.com/stoplightio/spectral/issues/3635)) ([215ae93](215ae93))
* **ref-resolver:** update @stoplight/json-ref-resolver from ~3.1.5 to ~3.1.6 ([6f73151](6f73151))
* **ruleset-bundler:** defaults should be last one ([#2403](#2403)) ([8780cfa](8780cfa))
* **ruleset-bundler:** remove extraneous 'external dependency' warnings ([#2475](#2475)) ([e791534](e791534))
* **ruleset-migrator:** correct package.json's browser field ([#2497](#2497)) ([89a6a67](89a6a67))
* **ruleset-migrator:** transform functions under overrides ([#2459](#2459)) ([45e817f](45e817f))
* **ruleset-migrator:** update @stoplight/json from ~3.20.1 to ~3.21.0 ([3f7eebc](3f7eebc))
* **ruleset-migrator:** use module for require.resolve ([#2405](#2405)) ([d7c0fa4](d7c0fa4))
* **rulesets:** avoid false errors from ajv ([#2408](#2408)) ([92dab78](92dab78))
* **rulesets:** example validation for required readOnly and writeOnly properties ([#2573](#2573)) ([ae1fea5](ae1fea5))
* **rulesets:** oasExample should clean id fields from non-schema objects ([#2561](#2561)) ([7f7583e](7f7583e))
* **rulesets:** tweak server variables function ([#2533](#2533)) ([244cbda](244cbda))

### Features

* **cli:** add sarif formatter ([#2532](#2532)) ([959a86a](959a86a))
* **cli:** require newer version of all Spectral dependencies ([10ddd97](10ddd97))
* **cli:** use hpagent ([#2513](#2513)) ([9b2d347](9b2d347))
* **core:** relax formats validation ([#2151](#2151)) ([de16b4c](de16b4c))
* **core:** support x- extensions in the ruleset ([#2440](#2440)) ([964151e](964151e))
* **formats:** jsonSchemaLoose format should search for enum keyword ([#2551](#2551)) ([0835545](0835545))
* **formats:** support AsyncAPI 2.6.0 ([#2391](#2391)) ([b8e51b4](b8e51b4))
* **formatters:** add export entrypoint for utils ([#2482](#2482)) ([d4b883c](d4b883c))
* **formatters:** add GitHub Actions formatter ([#2508](#2508)) ([6904927](6904927))
* **formatters:** add sarif formatter ([#2532](#2532)) ([908c308](908c308))
* **formatters:** move formatters to a separate package ([#2468](#2468)) ([664e259](664e259))
* **rulesets:** add multiple xor ([#2614](#2614)) ([af9c742](af9c742))
* **rulesets:** add new rule that requires sibling items field for type array ([#2632](#2632)) ([24198bc](24198bc))
* **rulesets:** add oas3_1-servers-in-webhook and oas3_1-callbacks-in… ([#2581](#2581)) ([7a8cc0e](7a8cc0e))
* **rulesets:** add oas3-server-variables rule ([#2526](#2526)) ([4c4de85](4c4de85))
* **rulesets:** add scope validation to oas{2,3}-operation-security-defined rules ([#2538](#2538)) ([68aacd6](68aacd6))
* **rulesets:** add traits array path to headers rule ([#2460](#2460)) ([9ceabca](9ceabca))
* **rulesets:** improve {oas2,oas3}-valid-schema rule ([#2574](#2574)) ([8df2c36](8df2c36))
* **rulesets:** support AsyncAPI 2.6.0 ([#2391](#2391)) ([94a7801](94a7801))
# [1.19.0](https://github.com/stoplightio/spectral/compare/@stoplight/spectral-core-1.18.3...@stoplight/spectral-core-1.19.0) (2024-09-12)

### Bug Fixes

* **cli:** choose proxy agent based on requester protocol ([#2521](#2521)) ([056f2e1](056f2e1))
* **cli:** clarify usage of --format ([#2575](#2575)) ([96eee89](96eee89))
* **parsers:** update @stoplight/yaml from ~4.2.3 to ~4.3.0 ([91fdded](91fdded))
* **repo:** remove discord link and fix typo in github bug template ([#2642](#2642)) ([048924d](048924d))
* **ruleset-migrator:** update @stoplight/json from ~3.20.1 to ~3.21.0 ([3f7eebc](3f7eebc))
* **rulesets:** example validation for required readOnly and writeOnly properties ([#2573](#2573)) ([ae1fea5](ae1fea5))
* **rulesets:** fixed array-items type property selector ([#2638](#2638)) ([0845fb5](0845fb5))
* **rulesets:** oasExample should clean id fields from non-schema objects ([#2561](#2561)) ([7f7583e](7f7583e))
* **rulesets:** tweak server variables function ([#2533](#2533)) ([244cbda](244cbda))

### Features

* **cli:** add sarif formatter ([#2532](#2532)) ([959a86a](959a86a))
* **cli:** require newer version of all Spectral dependencies ([10ddd97](10ddd97))
* **cli:** use hpagent ([#2513](#2513)) ([9b2d347](9b2d347))
* **formats:** add arazzo format ([#2663](#2663)) ([dc1a8ef](dc1a8ef))
* **formats:** jsonSchemaLoose format should search for enum keyword ([#2551](#2551)) ([0835545](0835545))
* **formatters:** add GitHub Actions formatter ([#2508](#2508)) ([6904927](6904927))
* **formatters:** add sarif formatter ([#2532](#2532)) ([908c308](908c308))
* **rulesets:** add multiple xor ([#2614](#2614)) ([af9c742](af9c742))
* **rulesets:** add new rule that requires sibling items field for type array ([#2632](#2632)) ([24198bc](24198bc))
* **rulesets:** add oas3_1-servers-in-webhook and oas3_1-callbacks-in… ([#2581](#2581)) ([7a8cc0e](7a8cc0e))
* **rulesets:** add oas3-server-variables rule ([#2526](#2526)) ([4c4de85](4c4de85))
* **rulesets:** add scope validation to oas{2,3}-operation-security-defined rules ([#2538](#2538)) ([68aacd6](68aacd6))
* **rulesets:** improve {oas2,oas3}-valid-schema rule ([#2574](#2574)) ([8df2c36](8df2c36))
* **rulesets:** initial rulesets for the Arazzo Specification ([#2672](#2672)) ([8443232](8443232))
# [1.6.0](https://github.com/stoplightio/spectral/compare/@stoplight/spectral-ruleset-bundler-v1.5.2...@stoplight/spectral-ruleset-bundler-1.6.0) (2024-09-12)

### Bug Fixes

* **cli:** choose proxy agent based on requester protocol ([#2521](#2521)) ([056f2e1](056f2e1))
* **cli:** clarify usage of --format ([#2575](#2575)) ([96eee89](96eee89))
* **core:** dedupe paths containing special characters correctly ([758de21](758de21))
* **core:** invalid then produced by Rule#toJSON ([#2496](#2496)) ([db91553](db91553))
* **core:** pointer in overrides are applied too broadly ([#2511](#2511)) ([69403c1](69403c1))
* **parsers:** update @stoplight/json from ~3.20.1 to ~3.21.0 ([e906d20](e906d20))
* **parsers:** update @stoplight/yaml from ~4.2.3 to ~4.3.0 ([91fdded](91fdded))
* **ref-resolver:** update @stoplight/json-ref-resolver from ~3.1.5 to ~3.1.6 ([6f73151](6f73151))
* **repo:** remove discord link and fix typo in github bug template ([#2642](#2642)) ([048924d](048924d))
* **ruleset-migrator:** correct package.json's browser field ([#2497](#2497)) ([89a6a67](89a6a67))
* **ruleset-migrator:** update @stoplight/json from ~3.20.1 to ~3.21.0 ([3f7eebc](3f7eebc))
* **rulesets:** example validation for required readOnly and writeOnly properties ([#2573](#2573)) ([ae1fea5](ae1fea5))
* **rulesets:** fixed array-items type property selector ([#2638](#2638)) ([0845fb5](0845fb5))
* **rulesets:** oasExample should clean id fields from non-schema objects ([#2561](#2561)) ([7f7583e](7f7583e))
* **rulesets:** tweak server variables function ([#2533](#2533)) ([244cbda](244cbda))

### Features

* **cli:** add sarif formatter ([#2532](#2532)) ([959a86a](959a86a))
* **cli:** require newer version of all Spectral dependencies ([10ddd97](10ddd97))
* **cli:** use hpagent ([#2513](#2513)) ([9b2d347](9b2d347))
* **formats:** add arazzo format ([#2663](#2663)) ([dc1a8ef](dc1a8ef))
* **formats:** jsonSchemaLoose format should search for enum keyword ([#2551](#2551)) ([0835545](0835545))
* **formatters:** add export entrypoint for utils ([#2482](#2482)) ([d4b883c](d4b883c))
* **formatters:** add GitHub Actions formatter ([#2508](#2508)) ([6904927](6904927))
* **formatters:** add sarif formatter ([#2532](#2532)) ([908c308](908c308))
* **formatters:** move formatters to a separate package ([#2468](#2468)) ([664e259](664e259))
* **rulesets:** add multiple xor ([#2614](#2614)) ([af9c742](af9c742))
* **rulesets:** add new rule that requires sibling items field for type array ([#2632](#2632)) ([24198bc](24198bc))
* **rulesets:** add oas3_1-servers-in-webhook and oas3_1-callbacks-in… ([#2581](#2581)) ([7a8cc0e](7a8cc0e))
* **rulesets:** add oas3-server-variables rule ([#2526](#2526)) ([4c4de85](4c4de85))
* **rulesets:** add scope validation to oas{2,3}-operation-security-defined rules ([#2538](#2538)) ([68aacd6](68aacd6))
* **rulesets:** improve {oas2,oas3}-valid-schema rule ([#2574](#2574)) ([8df2c36](8df2c36))
* **rulesets:** initial rulesets for the Arazzo Specification ([#2672](#2672)) ([8443232](8443232))
# [1.10.0](https://github.com/stoplightio/spectral/compare/@stoplight/spectral-ruleset-migrator-1.9.5...@stoplight/spectral-ruleset-migrator-1.10.0) (2024-09-12)

### Bug Fixes

* **cli:** choose proxy agent based on requester protocol ([#2521](#2521)) ([056f2e1](056f2e1))
* **cli:** clarify usage of --format ([#2575](#2575)) ([96eee89](96eee89))
* **parsers:** update @stoplight/yaml from ~4.2.3 to ~4.3.0 ([91fdded](91fdded))
* **repo:** remove discord link and fix typo in github bug template ([#2642](#2642)) ([048924d](048924d))
* **rulesets:** example validation for required readOnly and writeOnly properties ([#2573](#2573)) ([ae1fea5](ae1fea5))
* **rulesets:** fixed array-items type property selector ([#2638](#2638)) ([0845fb5](0845fb5))
* **rulesets:** oasExample should clean id fields from non-schema objects ([#2561](#2561)) ([7f7583e](7f7583e))
* **rulesets:** tweak server variables function ([#2533](#2533)) ([244cbda](244cbda))

### Features

* **cli:** add sarif formatter ([#2532](#2532)) ([959a86a](959a86a))
* **cli:** require newer version of all Spectral dependencies ([10ddd97](10ddd97))
* **formats:** add arazzo format ([#2663](#2663)) ([dc1a8ef](dc1a8ef))
* **formats:** jsonSchemaLoose format should search for enum keyword ([#2551](#2551)) ([0835545](0835545))
* **formatters:** add sarif formatter ([#2532](#2532)) ([908c308](908c308))
* **rulesets:** add multiple xor ([#2614](#2614)) ([af9c742](af9c742))
* **rulesets:** add new rule that requires sibling items field for type array ([#2632](#2632)) ([24198bc](24198bc))
* **rulesets:** add oas3_1-servers-in-webhook and oas3_1-callbacks-in… ([#2581](#2581)) ([7a8cc0e](7a8cc0e))
* **rulesets:** add oas3-server-variables rule ([#2526](#2526)) ([4c4de85](4c4de85))
* **rulesets:** add scope validation to oas{2,3}-operation-security-defined rules ([#2538](#2538)) ([68aacd6](68aacd6))
* **rulesets:** improve {oas2,oas3}-valid-schema rule ([#2574](#2574)) ([8df2c36](8df2c36))
* **rulesets:** initial rulesets for the Arazzo Specification ([#2672](#2672)) ([8443232](8443232))
# [1.4.0](https://github.com/stoplightio/spectral/compare/@stoplight/spectral-formatters-1.3.0...@stoplight/spectral-formatters-1.4.0) (2024-09-13)

### Bug Fixes

* **cli:** clarify usage of --format ([#2575](#2575)) ([96eee89](96eee89))
* **core:** fix for TypeError "this.formats.has is not a function" ([#2664](#2664)) ([75d642d](75d642d))
* **parsers:** update @stoplight/yaml from ~4.2.3 to ~4.3.0 ([91fdded](91fdded))
* **repo:** remove discord link and fix typo in github bug template ([#2642](#2642)) ([048924d](048924d))
* **rulesets:** example validation for required readOnly and writeOnly properties ([#2573](#2573)) ([ae1fea5](ae1fea5))
* **rulesets:** fixed array-items type property selector ([#2638](#2638)) ([0845fb5](0845fb5))
* **rulesets:** oasExample should clean id fields from non-schema objects ([#2561](#2561)) ([7f7583e](7f7583e))
* **rulesets:** tweak server variables function ([#2533](#2533)) ([244cbda](244cbda))
* **rulesets:** use uri-reference for oauth security schemes ([#2652](#2652)) ([c411e63](c411e63))

### Features

* **cli:** add sarif formatter ([#2532](#2532)) ([959a86a](959a86a))
* **formats:** add arazzo format ([#2663](#2663)) ([dc1a8ef](dc1a8ef))
* **formats:** jsonSchemaLoose format should search for enum keyword ([#2551](#2551)) ([0835545](0835545))
* **formatters:** add code climate (GitLab) formatter ([#2648](#2648)) ([41eca61](41eca61))
* **formatters:** add markdown formatter ([#2662](#2662)) ([b5edf5e](b5edf5e))
* **rulesets:** add multiple xor ([#2614](#2614)) ([af9c742](af9c742))
* **rulesets:** add new rule that requires sibling items field for type array ([#2632](#2632)) ([24198bc](24198bc))
* **rulesets:** add oas3_1-servers-in-webhook and oas3_1-callbacks-in… ([#2581](#2581)) ([7a8cc0e](7a8cc0e))
* **rulesets:** add scope validation to oas{2,3}-operation-security-defined rules ([#2538](#2538)) ([68aacd6](68aacd6))
* **rulesets:** improve {oas2,oas3}-valid-schema rule ([#2574](#2574)) ([8df2c36](8df2c36))
* **rulesets:** initial rulesets for the Arazzo Specification ([#2672](#2672)) ([8443232](8443232))
Adds a formatter to output results in the Static Analysis Results Interchange Format (SARIF) Version 2.1.0.
https://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html
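The report shape discussed in this PR, as an added example that is not the pull request's code or Spectral's own: a SARIF 2.1.0 log whose `tool.driver.rules` lists every rule of the resolved ruleset, including rules that produced no result, with regions converted to 1-based positions. The function name `toSarif`, the simplified `rules` map, and the sample rule descriptions and results are assumptions constructed for illustration.

```javascript
// Added example, not Spectral's implementation. Results follow the shape of
// Spectral lint results (0-based ranges, numeric severity); the `rules` map of
// { description } keyed by rule name is a simplified assumption.
const LEVELS = ['error', 'warning', 'note', 'note']; // error, warn, info, hint

function toSarif(results, rules, toolName = 'spectral') {
  // List every rule of the resolved ruleset, whether or not it fired.
  const ruleIds = Object.keys(rules);
  const driverRules = ruleIds.map((id) => ({
    id,
    shortDescription: { text: rules[id].description || id },
  }));
  const sarifResults = results.map((r) => {
    const { start, end } = r.range;
    const result = {
      ruleId: String(r.code),
      level: LEVELS[r.severity] || 'none',
      message: { text: r.message },
      locations: [{
        physicalLocation: {
          artifactLocation: { uri: r.source },
          // SARIF lines and columns are 1-based; the input ranges are 0-based.
          region: { startLine: start.line + 1, startColumn: start.character + 1,
            endLine: end.line + 1, endColumn: end.character + 1 },
        },
      }],
    };
    // ruleIndex points into driver.rules; omit it for a code outside the ruleset.
    const index = ruleIds.indexOf(result.ruleId);
    if (index !== -1) result.ruleIndex = index;
    return result;
  });
  return {
    $schema: 'https://json.schemastore.org/sarif-2.1.0.json',
    version: '2.1.0',
    runs: [{ tool: { driver: { name: toolName, rules: driverRules } }, results: sarifResults }],
  };
}

// Constructed sample: one rule fires, one never does, one code has no rule.
const sampleRules = {
  'operation-tags': { description: 'Operations need a tags array.' },
  'info-contact': { description: 'Info object needs a contact.' },
};
const range = { start: { line: 10, character: 4 }, end: { line: 10, character: 9 } };
const sampleResults = [
  { code: 'operation-tags', message: 'Missing tags.', severity: 1, source: 'api.yaml', range },
  { code: 'parser', message: 'Bad mapping.', severity: 0, source: 'api.yaml', range },
];
console.log(JSON.stringify(toSarif(sampleResults, sampleRules), null, 2));
```

Listing `info-contact` even though it produced no result is what lets a SARIF consumer distinguish "rule ran and passed" from "rule was never part of the run".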