diff functionality #75
Comments
I agree that supporting diff based on the Checking
I'm hesitant to add this level of complexity without feedback from more users.
Thanks for answering. I'm coming from the requirement to produce a SARIF with The appendix linked states,
So, perhaps using a SARIF with
I'm with you on this. We've a requirement that we handle SARIF files from any tool that supports this output. So, while it could potentially be a SARIF with any of the available attributes, it's likely to end up being only a subset of these multiple attributes.
Are you requesting that we provide a way to diff two files ("new" and "old") and update the "new" file with
My read of the spec is that
Yeah. The goal is to produce a SARIF file 'C', from SARIF files 'A' and 'B' where 'C' contains the results with I'm a bit confused about the usage of
Ok, that makes sense. However, I think the initial implementation would likely only consider
Thanks, I think we're on the same page here. I agree that you'd need feedback from users before adding a feature to specify additional fields. However, I doubt there would be such requirements from the general users right now :)
I agree with you on this as well. And this is not something that can be exposed generally because the properties within
Hi, this is a question/discussion regarding the diff functionality.

I see that the diff functionality takes into account the Location and Line property to compute the list of new findings per severity. However, per the SARIF spec, the fingerprints and partialFingerprints provide a one-stop check for uniqueness. I understand what's provided as part of diff functionality partially makes sense in the scenario perhaps where none of the fingerprints attributes are present.

What are your thoughts on the other result attributes such as codeFlow, stacks, different attributes of location attribute etc. that can be used to distinguish if results are unique? Would you suggest they be considered outside the scope of this project's implementation? Any ideas on how to handle those cases? Perhaps accept a list of attributes that would serve as the order to compare results against?
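An added example, not part of the original issue and not the project's code: one way to compute the results that are new in a second SARIF file, preferring fingerprints, then partialFingerprints, and falling back to rule, file and line only when neither is present. The function names, the priority order, the `exampleHash/v1` key and the sample data are assumptions constructed for illustration.

```python
def result_key(result, use_fingerprints=True):
    """Strongest identity available for one SARIF result (assumed priority order)."""
    rule = result.get("ruleId")
    if use_fingerprints:
        for field in ("fingerprints", "partialFingerprints"):
            values = result.get(field) or {}
            if values:
                return (field, rule, tuple(sorted(values.items())))
    # Fallback: rule id plus URI and start line of the first location.
    locations = result.get("locations") or [{}]
    physical = locations[0].get("physicalLocation") or {}
    uri = (physical.get("artifactLocation") or {}).get("uri")
    line = (physical.get("region") or {}).get("startLine")
    return ("location", rule, uri, line)


def iter_results(sarif):
    """Yield every result from every run of a parsed SARIF log."""
    for run in sarif.get("runs", []):
        yield from run.get("results") or []


def new_results(old_sarif, new_sarif, use_fingerprints=True):
    """Results in new_sarif whose identity key does not occur in old_sarif."""
    seen = {result_key(r, use_fingerprints) for r in iter_results(old_sarif)}
    return [r for r in iter_results(new_sarif)
            if result_key(r, use_fingerprints) not in seen]


def make_result(rule, uri, line, partial=None):
    """Build a minimal SARIF result (constructed sample data)."""
    result = {"ruleId": rule, "locations": [{"physicalLocation": {
        "artifactLocation": {"uri": uri}, "region": {"startLine": line}}}]}
    if partial:
        result["partialFingerprints"] = partial
    return result


# Constructed logs: R1 moves from line 10 to 14 but keeps its fingerprint,
# R2 is unchanged and has no fingerprint, R3 is genuinely new.
OLD = {"version": "2.1.0", "runs": [{"results": [
    make_result("R1", "src/a.py", 10, {"exampleHash/v1": "abc123"}),
    make_result("R2", "src/b.py", 5)]}]}
NEW = {"version": "2.1.0", "runs": [{"results": [
    make_result("R1", "src/a.py", 14, {"exampleHash/v1": "abc123"}),
    make_result("R2", "src/b.py", 5),
    make_result("R3", "src/c.py", 7)]}]}

if __name__ == "__main__":
    print([r["ruleId"] for r in new_results(OLD, NEW)])
    print([r["ruleId"] for r in new_results(OLD, NEW, use_fingerprints=False)])
```

With location-only matching, the moved R1 finding is reported as new; a result that carries a fingerprint in one file but not in the other will not match under this scheme.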