The Static Analysis Results Interchange Format (SARIF)
defines a standard format for the output of static analysis tools.
The SARIF specification is currently being
standardized by OASIS in the OASIS SARIF Technical Committee. The information and tools
on this website track the standard as it evolves to its final form.
The SARIF project is supported by a group of industry contributors.
Tools & Libraries
A collection of tools offering facilities for producing, consuming, and validating files in the SARIF format.
The source code is in the SARIF SDK GitHub repo. We welcome your contributions!
SDK - Object model and utilities for reading and writing files in the SARIF format.
Driver - Framework for creating a command line analysis tool which produces files in the SARIF format.
Converters - Classes for converting the output of various static analysis tools to the SARIF format.
Multitool - Multi-purpose command line tool for analyzing and manipulating SARIF files.
Interop - Library that enables Visual Studio extensions to easily consume services exposed by the SARIF Viewer for VS. Coming soon!
SARIF is based on JSON and can be viewed in any text editor. For a richer experience, the following open-source viewers are provided.
Visual Studio extension
For viewing and acting on SARIF files within Visual Studio. Analysis results show up in the Error List, result details appear in a dockable tool window, and the result locations are overlaid on the original code (when available).
VS Code extension
Same experience as the Visual Studio extension, but for those using Visual Studio Code.