SARIF SDK and Its Errors

SARIF, an acronym for Static Analysis Interchange Format, is a standard (file format) designed to interact and share the results of static analyzers with other tools: IDEs, complex code verification and analysis tools (e.g. SonarQube), continuous integration systems, and others. SARIF SDK, respectively, contains .NET developer tools to support SARIF as well as additional files.

The SARIF SDK project turned out to be small: 799 .cs files (approximately 98,000 non-empty lines of code). The project contains tests that we always exclude from the check. Thus, the part of the code we were interested in was 642 .cs files (approximately 79,000 non-empty lines of code). It’s certainly not enough. On the plus side, the check and analysis were easy and fast. Nonetheless, we managed to track down some uncanny cases. Let’s have a look at them: SARIF SDK and Its Errors
 