Skip to content

Merge sarif files #3177

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Aug 6, 2025
Merged

Merge sarif files #3177

merged 6 commits into from
Aug 6, 2025
+307 −2

Conversation

nojaf
Copy link
Contributor

@nojaf nojaf commented Aug 4, 2025

Fixes #3175

@nojaf nojaf marked this pull request as ready for review August 5, 2025 08:26
@nojaf nojaf requested a review from dawedawe August 5, 2025 08:27
@nojaf
Copy link
Contributor Author

nojaf commented Aug 5, 2025

@TheAngryByrd maybe "a version" of this merging process should be available somewhere in the analyzer SDK? Perhaps a sub command in the cli tool, I don't quite know where but this would be useful.

Alternatively, if the cli tool accepts multiple fsprojs and only creates a single output file the problem is solved as well.

@TheAngryByrd
Copy link
Contributor

Yeah I was going to suggest adding this to analyzers cli. —merge-sarif with a list/glob would be fine enough.

@Numpsy
Copy link
Contributor

Numpsy commented Aug 6, 2025

As an aside, how close is all that Sarif merger code to being able to write the sarif files to begin with, so it's all self contained rather than using Sarif.Sdk?
Asking because I once borrowed a bunch of the Sarif code from the Analyzers SDK to do fsprojects/FSharpLint#702 and I wonder if a completed version of that might find the merge code useful as well.

@nojaf
Copy link
Contributor Author

nojaf commented Aug 6, 2025

@Numpsy yes, there probably is some sarif synergy possible.
Though, I'm leaning a bit more towards the analyzers cli being able to accept multiple projects. That might be the more interesting fix for this problem.

dawedawe
dawedawe reviewed Aug 6, 2025
View reviewed changes
@nojaf nojaf merged commit cbee488 into fsprojects:main Aug 6, 2025
8 of 9 checks passed
@Numpsy
Copy link
Contributor

Numpsy commented Aug 23, 2025

Though, I'm leaning a bit more towards the analyzers cli being able to accept multiple projects. That might be the more interesting fix for this problem.

Actually I think the current versions of FSharpLint can be pointed at a single solution or solution filter and will then just generate a single report containing all the projects in the solution (though that will always do everything, you can't do a whole solution and exclude one project)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dawedawe dawedawe dawedawe approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Sarif file update
4 participants
@nojaf @TheAngryByrd @Numpsy @dawedawe