SARIF 2.2 Proposal: workItemUris no longer required to be all or nothing for a run #614

Open
ShiningMassXAcc opened this issue Nov 9, 2023 · 2 comments
ShiningMassXAcc commented Nov 9, 2023

Per https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os-complete.html#_Toc141790915:

The workItemUris values for all result objects in theRun SHALL be either all null or all non-null.

NOTE 1: The rationale is that an engineering system will generally track work item status for all results or for none of them. Requiring that the workItemUris values be either all null or all non-null enables a consumer to determine whether work item information is available for the run by examining a single result object.

This rationale has not been true for our teams' use cases. In particular, work item tracking will exist as configured by the customer within the result tracking system for a subset of results based on those results' properties. For example, a tool may only file work items for results of level error.

Additionally, a log can contain multiple runs and multiple tools - those runs and tools may not have the same treatment by the ES tool doing the work item management.

Included in this, we should not encourage the examination of one result in a run to determine overall presence of these items.

Thoughts?


Note - I'm not beholden to this being included in 2.2, but using that for consistent titling for now.

@KalleOlaviNiemitalo

suppressions is likewise required to be all or nothing. Related issues: dotnet/roslyn#62894, microsoft/sarif-sdk#2508.

But perhaps the rationale for allowing sparsely specified workItemUris does not apply to suppressions.

@michaelcfanning

Yes, suppressions is a special case. Imagine a log file with no explicit empty suppressions. Was this because there weren't, in fact, any suppressions? Or did the user perhaps fail to compile code conditionally (as is required in .NET) to obtain the suppressions data?

We followed a similar line of thinking with work items, i.e., does the absence of any work item data mean a work item hasn't been filed yet? Or does it mean that the log file we're processing is work items-agnostic?
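
As an added example (not part of the issue thread or the SARIF specification), the Python sketch below classifies each run of a log as carrying workItemUris on none, all or only some of its results, and records what a consumer that samples a single result would conclude. The sample log, tool names and tracker URLs are constructed; passing `prop="suppressions"` applies the same check to that property.

```python
import json

# Constructed SARIF-like log, trimmed to the fields used here: run 0 files work
# items only for level "error" results, run 1 tracks no work items at all.
SAMPLE_LOG = json.loads("""
{"version": "2.1.0", "runs": [
  {"tool": {"driver": {"name": "ToolA"}}, "results": [
    {"ruleId": "A1", "level": "error",
     "workItemUris": ["https://tracker.example/items/1"]},
    {"ruleId": "A2", "level": "warning"},
    {"ruleId": "A3", "level": "error",
     "workItemUris": ["https://tracker.example/items/2"]}]},
  {"tool": {"driver": {"name": "ToolB"}}, "results": [
    {"ruleId": "B1", "level": "note"}]}
]}
""")


def presence(results, prop):
    """Classify how `prop` is populated across a run's results:
    'none', 'all' or 'mixed'. An absent property and JSON null both count as null."""
    flags = [r.get(prop) is not None for r in results]
    if not any(flags):
        return "none"
    return "all" if all(flags) else "mixed"


def audit(log, prop="workItemUris"):
    """Per-run report: the classification, whether the 2.1.0 all-or-nothing rule
    holds, and what sampling only the first result would suggest."""
    report = []
    for index, run in enumerate(log.get("runs", [])):
        results = run.get("results") or []  # 'results' may be absent or null
        kind = presence(results, prop)
        report.append({
            "run": index,
            "tool": run["tool"]["driver"]["name"],
            "presence": kind,
            "conforms_2_1_0": kind != "mixed",
            "first_result_says_tracked": bool(results) and results[0].get(prop) is not None,
            "untracked": [r.get("ruleId") for r in results if r.get(prop) is None],
        })
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE_LOG):
        print(row)
```

For the first constructed run, the first result suggests work items are tracked while result A2 has none, which is the sparse case the proposal describes.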
