commit | 07ecc7ea9e8430416220c1cfd6ced1a29fc480b9 | |
---|---|---|
author | Oliver Newman <olivernewman@google.com> | Wed Aug 16 14:23:18 2023 +0000 |
committer | CQ Bot <fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com> | Wed Aug 16 14:23:18 2023 +0000 |
tree | 754167ab281aa9f89922beef660e05b0adddd34a | |
parent | aa2ee98881db08534bdf29383fc86bfe5b9f8a65 |
[engine] Implement SARIF output

If the `--json-output` flag to `shac check` specifies a path to write to, or specifies "-" (indicating stdout), shac will write a JSON file to the specified output conforming to the SARIF schema.

This can be used by any tool or automation that needs to extract structured data from shac; for example, automation that converts shac findings to robot comments during code review.

I created a protobuf file for the SARIF schema so it can be copy-pasted into consumer codebases for easy parsing.

Change-Id: I89dca26f020db015579a537fbf069ac86fbaf6d6
Reviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/900300
Fuchsia-Auto-Submit: Oliver Newman <olivernewman@google.com>
Commit-Queue: Oliver Newman <olivernewman@google.com>
Reviewed-by: Marc-Antoine Ruel <maruel@google.com>

Shac (Scalable Hermetic Analysis and Checks) is a unified and ergonomic tool and framework for writing and running static analysis checks.
Shac checks are written in Starlark.
```
go install go.fuchsia.dev/shac-project/shac@latest
shac check
shac doc shac.star | less
```
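
A consumer of the SARIF file that the commit message above says `shac check --json-output` writes might look like the following. This is an added example, not code from shac: the struct subset, the `Findings` helper and the sample document are assumptions made here, and result paths are assumed to be relative to the checkout root, so anything that would leave it is treated as untrusted and skipped before a comment is produced.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path"
	"strings"
)

// Subset of SARIF 2.1.0 (keys match case-insensitively); that shac fills these fields is an assumption.
type result struct {
	Level     string
	Message   struct{ Text string }
	Locations []struct{ PhysicalLocation physLoc }
}
type physLoc struct {
	ArtifactLocation struct{ URI string }
	Region           struct{ StartLine int }
}

// Constructed sample input, not real shac output.
const sample = `{"version":"2.1.0","runs":[{"results":[
{"level":"error","message":{"text":"missing license header"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.go"},"region":{"startLine":3}}}]},
{"level":"warning","message":{"text":"x"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"docs/../../etc/passwd"}}}]},
{"level":"note","message":{"text":"repo-level finding"}}]}]}`

// Findings renders each result as "path:line: level: text" (hypothetical helper).
func Findings(data []byte) (out []string, err error) {
	var log struct{ Runs []struct{ Results []result } }
	if err = json.Unmarshal(data, &log); err != nil {
		return nil, fmt.Errorf("invalid SARIF: %w", err)
	}
	for _, run := range log.Runs {
		for _, r := range run.Results {
			loc := "(repo)" // result without a location
			if len(r.Locations) > 0 {
				pl := r.Locations[0].PhysicalLocation
				p := path.Clean(pl.ArtifactLocation.URI)
				if path.IsAbs(p) || p == ".." || strings.HasPrefix(p, "../") || strings.Contains(p, ":") {
					continue // absolute, escaping, or scheme-qualified path: untrusted, skip
				}
				loc = fmt.Sprintf("%s:%d", p, pl.Region.StartLine)
			}
			out = append(out, fmt.Sprintf("%s: %s: %s", loc, r.Level, r.Message.Text))
		}
	}
	return out, nil
}
func main() { fmt.Println(Findings([]byte(sample))) }
```
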
Planned features/changes, in descending order by priority:
shac.textproto
shac.star
files.shac
cache directory that checks can write to
ctx.scm
glob arguments to ctx.scm.{all,affected}_files() functions for easier filtering

⚠ The source of truth is at https://fuchsia.googlesource.com/shac-project/shac.git and uses Gerrit for code review.
See CONTRIBUTING.md to submit changes.