Story
Resolution: Unresolved
Critical
Product / Portfolio Work
Workloads - Train 35 - 2
Value Statement
SARIF is a common format for the results of static scans, understood by GitHub and others. Currently our linter emits its findings in a bespoke format, which is concise and useful when running on the command line. However, a more structured and standardized format may help it integrate with code editors or other tools.
Information on the format can be found at:
- https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning
- https://github.com/microsoft/sarif-tutorials
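A sketch of the conversion this story asks for, added here as an example and not taken from the linter's code: it maps findings to a minimal SARIF 2.1.0 log. The finding tuple layout, the rule ids, the file paths and the tool name `example-linter` are all assumptions, since the linter's bespoke format is not shown in this issue.

```python
import json

SARIF_SCHEMA = "https://json.schemastore.org/sarif-2.1.0.json"
SARIF_LEVELS = {"error", "warning", "note", "none"}  # values SARIF 2.1.0 allows

# Constructed sample findings: (path, line, rule id, level, message).
# This layout is an assumption, not the linter's real output format.
SAMPLE_FINDINGS = [
    ("deploy/app.yaml", 12, "no-latest-tag", "error", "image uses the 'latest' tag"),
    ("deploy/app.yaml", 30, "missing-limits", "warning", "container has no resource limits"),
    ("deploy\\db.yaml", 7, "no-latest-tag", "error", "image uses the 'latest' tag"),
]

def to_sarif(findings, tool_name="example-linter", tool_version="0.0.0"):
    """Build a SARIF 2.1.0 log (as a dict) with one run from linter findings."""
    rules = {}    # rule id -> index into tool.driver.rules (insertion order)
    results = []
    for path, line, rule_id, level, message in findings:
        if level not in SARIF_LEVELS:
            raise ValueError(f"unsupported SARIF level: {level!r}")
        if line < 1:
            raise ValueError("SARIF line numbers are 1-based")
        rule_index = rules.setdefault(rule_id, len(rules))
        results.append({
            "ruleId": rule_id,
            "ruleIndex": rule_index,
            "level": level,
            "message": {"text": message},
            "locations": [{"physicalLocation": {
                # Relative URI with forward slashes, so consumers can map
                # the result onto a file in the checked-out repository.
                "artifactLocation": {"uri": path.replace("\\", "/")},
                "region": {"startLine": line},
            }}],
        })
    driver = {"name": tool_name, "version": tool_version,
              "rules": [{"id": rule_id} for rule_id in rules]}
    return {"$schema": SARIF_SCHEMA, "version": "2.1.0",
            "runs": [{"tool": {"driver": driver}, "results": results}]}

if __name__ == "__main__":
    print(json.dumps(to_sarif(SAMPLE_FINDINGS), indent=2))
```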
Definition of Done for Engineering Story Owner (Checklist)
- ...
Development Complete
- The code is complete.
- Functionality is working.
- Any required downstream Docker file changes are made.
Tests Automated
- [ ] Unit/function tests have been automated and incorporated into the build.
- [ ] 100% automated unit/function test coverage for new or changed APIs.
Secure Design
- [ ] Security has been assessed and incorporated into your threat model.
Multidisciplinary Teams Readiness
- [ ] Create an informative documentation issue using the Customer
Portal Doc template that you can access from [The Playbook](
and ensure doc acceptance criteria are met.
- Call out this sentence as its own action:
- [ ] Link the development issue to the doc issue.
Support Readiness
- [ ] The must-gather script has been updated.