Conferences and Supporting Program
SARIF – A New Standard for Facilitating Static Analysis Tool Integrations
Static analysis tools are now widely used in industry, academia, and open-source for finding serious defects and security vulnerabilities. Experience has shown that deeper integrations with other tools in DevOps or SecOps environments can drastically increase the effectiveness of static analysis. Most integrations are ad-hoc pairwise connections, which inhibits flexibility and adoption, so there is a need for standards to remove those barriers. This talk describes SARIF (Static Analysis Results Interchange Format) – a new open standard for representing the results of analysis tools. SARIF is being adopted by major tool vendors, and open source tools are being modernized to support it too. This talk will show how SARIF can be used to allow users to get more value from their tools, as illustrated by an example that populates a code review comment stream with static analysis results.
--- Date: 27.02.2020 Time: 16:00 - 16:30 Location: Conference Counter NCC Ost