mirswamp/swamp-scarf-sarif

SWAMP SCARF to SARIF

Module Version: 1.0.0

Last updated on 05-17-2019

SARIF version currently tracked: 2.1.0

Description

The Software Assurance Marketplace (SWAMP) runs software assurance tools and converts the results of each tool into a common format called SCARF (SWAMP Common Assessment Result Format). SARIF is a newer format being developed by OASIS. This repository contains a command-line program that takes a SCARF file, along with other data generated by an assessment in SWAMP, and outputs a SARIF file. The converter uses swamp-sarif-io to create the output file; see its documentation for the SARIF features supported.

Usage

Usage: ./swamp-scarf-sarif [options]

options:
    --help                      -h print this message
    --version                   -v print version
    --compact                   -c print compactly (no indents)
    --scarf=<FILE>              -x path to scarf file
    --summary=<FILE>            -s path to assessment_summary file
    --hashes=<FILE>             -l path to file containing list of hashes
    --build=<DIR>               -b path to build directory
    --error=<STRING>            -e reasons assessment failed
    --external=<STRING>         -t objects to be externalized
    --output=<FILE>             -o output file name/path
    --setenv                    -n reduce conversion env output

Examples

This command generates the most complete SARIF file possible by providing all of the data used by the converter that is available in a SWAMP output directory:

swamp-scarf-sarif --scarf $dirName/parsed_results/parsed_results.xml --summary $dirName/results/assessment_summary.xml --hashes $dirName/hashes.txt --build $dirName/build/ --output output.sarif

This command generates the most complete SARIF file possible, externalizes all possible properties, and reduces the conversion env output:

swamp-scarf-sarif --scarf $dirName/parsed_results/parsed_results.xml --summary $dirName/results/assessment_summary.xml --hashes $dirName/hashes.txt --build $dirName/build/ --output output.sarif --setenv --external conversion=conversion.sarif --external artifacts=artifacts.sarif --external invocations=invocations.sarif --external properties=properties.sarif --external results=results.sarif
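
An added example, not part of the swamp-scarf-sarif repository: a POSIX shell wrapper for the first command above that passes only the inputs actually present in the SWAMP output directory and keeps paths with spaces intact. The names `convert_swamp_dir` and `CONVERTER` are hypothetical, and treating the SCARF file as required is an assumption of this wrapper, not documented converter behaviour.

```shell
#!/bin/sh
# Added example, not part of the swamp-scarf-sarif repository.
# Runs the converter on a SWAMP output directory, passing only the inputs
# that exist. Paths and options are those of the README examples;
# CONVERTER and convert_swamp_dir are hypothetical names.

CONVERTER="${CONVERTER:-swamp-scarf-sarif}"

# convert_swamp_dir <swamp-output-dir> <output.sarif>
# Returns 2 on bad usage, 1 if the SCARF file is missing (assumption: this
# wrapper treats it as required), otherwise the converter's exit status.
convert_swamp_dir() {
    [ "$#" -eq 2 ] || { echo "usage: convert_swamp_dir DIR OUT" >&2; return 2; }
    dir="${1%/}"
    out="$2"
    scarf="$dir/parsed_results/parsed_results.xml"
    if [ ! -f "$scarf" ]; then
        echo "missing SCARF file: $scarf" >&2
        return 1
    fi
    # Rebuild the positional parameters as the converter's argument list so
    # that every path stays a single, correctly quoted argument.
    set -- --scarf "$scarf"
    if [ -f "$dir/results/assessment_summary.xml" ]; then
        set -- "$@" --summary "$dir/results/assessment_summary.xml"
    fi
    if [ -f "$dir/hashes.txt" ]; then
        set -- "$@" --hashes "$dir/hashes.txt"
    fi
    if [ -d "$dir/build" ]; then
        set -- "$@" --build "$dir/build/"
    fi
    "$CONVERTER" "$@" --output "$out"
}

# When run as a script with arguments, convert that directory.
[ "$#" -eq 0 ] || convert_swamp_dir "$@"
```
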

Requirements

The following Perl libraries should be installed for the program to work correctly:
