psastras/sarif-rs

sarif-rs

A group of Rust projects for interacting with the SARIF format.

Example

Parse cargo clippy output, convert to SARIF (clippy-sarif), then pretty print the SARIF to terminal (sarif-fmt).

$ cargo clippy --message-format=json | clippy-sarif | sarif-fmt
warning: using `Option.and_then(|x| Some(y))`, which is more succinctly expressed as `map(|x| y)`
    ┌─ sarif-fmt/src/bin.rs:423:13
    │
423 │ ╭             the_rule
424 │ │               .full_description
425 │ │               .as_ref()
426 │ │               .and_then(|mfms| Some(mfms.text.clone()))
    │ ╰───────────────────────────────────────────────────────^
    │
    = `#[warn(clippy::bind_instead_of_map)]` on by default
      for further information visit https://rust-lang.github.io/rust-clippy/master#bind_instead_of_map
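
Instead of pretty printing, the SARIF produced by the pipeline above can be consumed by a script, for example to fail a CI job when error-level results are present. The following is an added example, not part of sarif-rs: the sample log is constructed, and the `example::` rule ids and the function names `summarize` and `gate` are hypothetical.

```python
import json
from collections import Counter

# Constructed sample: a minimal SARIF 2.1.0 log, not captured from a real run.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "clippy"}},
        "results": [
            {"ruleId": "clippy::bind_instead_of_map", "level": "warning",
             "message": {"text": "using `Option.and_then(|x| Some(y))`"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "sarif-fmt/src/bin.rs"},
                 "region": {"startLine": 423, "startColumn": 13}}}]},
            {"ruleId": "example::hypothetical_error", "level": "error",
             "message": {"text": "constructed error-level finding"},
             "locations": []},
            {"ruleId": "example::no_level",
             "message": {"text": "constructed finding without a level"}},
        ],
    }],
})

def summarize(sarif_text):
    """Return (Counter of result levels, list of 'uri:line ruleId' strings)."""
    log = json.loads(sarif_text)
    levels, findings = Counter(), []
    for run in log.get("runs", []):
        for result in run.get("results") or []:
            # Simplification: an absent level is counted as "warning" (the
            # SARIF default) without consulting the rule's defaultConfiguration.
            level = result.get("level", "warning")
            levels[level] += 1
            # Results may carry no location at all; keep them visible anyway.
            locs = result.get("locations") or [{}]
            phys = locs[0].get("physicalLocation", {})
            uri = phys.get("artifactLocation", {}).get("uri", "<no location>")
            line = phys.get("region", {}).get("startLine", 0)
            findings.append(f"{uri}:{line} {result.get('ruleId', '<no rule>')}")
    return levels, findings

def gate(sarif_text, fail_on=("error",)):
    """Exit code for CI: 1 if any result has a level listed in fail_on."""
    levels, _ = summarize(sarif_text)
    return 1 if any(levels[lvl] for lvl in fail_on) else 0

if __name__ == "__main__":
    levels, findings = summarize(SAMPLE_SARIF)
    print(dict(levels), *findings, sep="\n")
    raise SystemExit(gate(SAMPLE_SARIF))
```

In a pipeline, pass the text read from standard input to `gate` in place of `SAMPLE_SARIF`.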

Install

Each CLI may be installed via cargo or cargo-binstall, or downloaded directly from the corresponding GitHub release.

Cargo

cargo install <cli_name> # ex. cargo install sarif-fmt

Cargo-binstall

cargo binstall <cli_name> # ex. cargo binstall sarif-fmt

GitHub Releases

The latest version is continuously published and tagged.

Using curl,

# make sure to adjust the target and version (you may also want to pin to a specific version)
curl -sSL https://github.com/psastras/sarif-rs/releases/download/shellcheck-sarif-v0.6.6/shellcheck-sarif-x86_64-unknown-linux-gnu -o shellcheck-sarif

Fedora Linux

sudo dnf install <cli_name> # ex. sudo dnf install sarif-fmt

Nix

Through the nix cli,

nix --accept-flake-config profile install github:psastras/sarif-rs

Or from FlakeHub.

Documentation

See each subproject for more detailed information:

  • clang-tidy-sarif: CLI tool to convert clang-tidy diagnostics into SARIF. See the Rust documentation.
  • clippy-sarif: CLI tool to convert clippy diagnostics into SARIF. See the Rust documentation.
  • hadolint-sarif: CLI tool to convert hadolint diagnostics into SARIF. See the Rust documentation.
  • shellcheck-sarif: CLI tool to convert shellcheck diagnostics into SARIF. See the Rust documentation.
  • sarif-fmt: CLI tool to pretty print SARIF diagnostics. See the Rust documentation.
  • serde-sarif: Typesafe SARIF structures for serializing and deserializing SARIF information using serde. See the Rust documentation.

Development

Before you begin, ensure the following programs are available on your machine:

Using Cargo

Enter the development shell provisioned by nix and build / test the project:

nix develop
cargo build
cargo test

For more information on specific configurations, refer to the cargo documentation.

Using Nix

Build the project with nix:

# build all crates
nix build

# optionally, you may build a single crate
nix build ".#sarif-fmt"

Releasing

To release a new version (publish to crates.io), prefix the head commit with release: and update the relevant Rust crate versions. Once merged into main, the pipeline should pick up the change and publish a new version.

License: MIT