-
Notifications
You must be signed in to change notification settings - Fork 281
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add SARIF output #579
base: master
Are you sure you want to change the base?
Add SARIF output #579
Conversation
99d4277
to
0913f5d
Compare
0cfcac0
to
c297186
Compare
c297186
to
cc23c14
Compare
Signed-off-by: Mathieu Rul <[email protected]>
Signed-off-by: Mathieu Rul <[email protected]>
Signed-off-by: Mathieu Rul <[email protected]>
Signed-off-by: Mathieu Rul <[email protected]>
Signed-off-by: Mathieu Rul <[email protected]>
Signed-off-by: Mathieu Rul <[email protected]>
Signed-off-by: Mathieu Rul <[email protected]>
cc23c14
to
d5afff1
Compare
@adrienverge do you think SARIF support can be added to YAML lint? I saw your comment #441 (comment), indeed SARIF can be seen as third-party, but it's intended to be a standard compared to JUnit or other formats. |
Hello Mathieu, please excuse my late reply. You understood it right in #441 (and other discussions): new output formats are not planned for addition. There would be too many of them. I'm sorry. |
That's really unfortunate and I can understand your point for not adding a new format. But I would like to insist on the fact that SARIF is standard, from the doc it says:
Since SARIF is a standard, it is supported by GitHub and SonarQube out of the box. |
Hello Mathieu, thanks for insisting. About the pull request itself, I have a few comments. Is the first commit (Refactor problems output) really needed? I'm afraid that it postpones the printing of problems to yamllint's output, which is not optimal: it delays results that could be printed on the fly; also, in case of a crash on the last YAML file, problems of previous files won't be shown. Another approach could be to use instances of formatter classes (see my proposal below), and each problem found could be immediately printed with About the second commit (Move formatters to dedicated module): given the small size of each formatter code, I'd rather avoid creating a new module In the third commit (Add support for SARIF format), please set the copyright of Commit Fix null rule for syntax error: it looks like a breaking change for the In the tests, I suggest removing Finally please review contribution guidelines to make sure eveything's OK. In particular the SARIF formatter commit should explain what is SARIF and why it's a nice addition. The 2 last commits are just fixups and should be squashed in their relative commit. Tests should go in the same commit as the SARIF feature itself. I don't see any update to the documentation, but it's fine to me ( |
Description
Add SARIF output and fixes #578.
Changes