I’ve released 🤲 a GitHub Action to convert Dart/Flutter analyzer output to SARIF.
That lets you upload ⬆️ the results to GitHub Advanced Security, as I show in a sample workflow.
#appsec #dart #flutter #linting #sarif #github
What tools / services do you use that import and do something interesting with SARIF static analysis results?
For example, GitHub Code Analysis understands SARIF. There is also a VSCode viewer plugin.
Context: thinking about adding SARIF output support to Nosey Parker, the secrets detector I'm working on: https://github.com/praetorian-inc/noseyparker
Initial #sarif support is available in v0.0.21:
https://github.com/check-spelling/check-spelling/releases/tag/v0.0.21
ZAP Reports now support #SARIF thanks to https://github.com/de-jcup
https://www.zaproxy.org/docs/desktop/addons/report-generation/report-sarif-json/
Though for #Iran's counterattack, it was probably not only the killing of #Solemani but also the refusal to let their foreign minister #Sarif enter the country to attend the UN in New York that was decisive.
https://www.zeit.de/politik/ausland/2020-01/iran-konflikt-un-sitzung-aussenminister-mohammed-dschawad-sarif-visum