The Static Analysis Results Interchange Format (SARIF)
is an industry standard format for the output of static analysis tools.
Specification and documentation
The Static Analysis Results Interchange Format (SARIF) has been approved
as an OASIS standard.
The information and tools on this web site apply to SARIF Version 2.1.0, the version approved by the OASIS.
The SARIF project is supported by a group of industry contributors.
Tools & Libraries
A collection of tools offering facilities for producing, consuming, and validating files in the SARIF format.
The source code is in the SARIF SDK GitHub repo. We welcome your contributions!
SDK - Object model and utilities for reading and writing files in the SARIF format.
Driver - Framework for creating a command line analysis tool which produces files in the SARIF format.
Multitool - Multi-purpose command line tool for analyzing and manipulating SARIF files.
Interop - Library that enables Visual Studio extensions to easily consume services exposed by the SARIF Viewer for VS.
Converters - classes for converting the output of various static analysis tools to the SARIF format.
SARIF is based on JSON and can be viewed in any text editor. For a richer experience the following open-source viewers are provided.
Visual Studio extension
For viewing and taking-action-on SARIF files within Visual Studio. Analysis results show up in the Error List, result details in a dockable tool window, and the results locations are overlayed on the original code (when available).
VS Code extension
Same experience as the Visual Studio extension, but for those using Visual Studio Code.