git.stella-ops.org/docs/features/unchecked/scanner/sarif-2-1-0-export-system.md

SARIF 2.1.0 Export System (Findings, SmartDiff, GitHub Code Scanning)

Module: Scanner

Status: IMPLEMENTED

Description

SARIF 2.1.0 export service packaged as a dedicated library (StellaOps.Scanner.Sarif), with a rule registry covering the STELLA-VULN, STELLA-SEC, STELLA-SC and STELLA-BIN taxonomy, deterministic fingerprint generation, schema validation and export options. Exports both the main findings and SmartDiff results (rules SDIFF001-004). Provides GitHub code scanning integration endpoints and IDE-compatible output.

Implementation Details

  • SARIF Export Service:
    • src/Scanner/__Libraries/StellaOps.Scanner.Sarif/SarifExportService.cs - SarifExportService converts scanner findings into SARIF 2.1.0 format documents
    • src/Scanner/__Libraries/StellaOps.Scanner.Sarif/ISarifExportService.cs - Interface for SARIF export
    • src/Scanner/__Libraries/StellaOps.Scanner.Sarif/SarifExportOptions.cs - SarifExportOptions controlling export behavior (include SmartDiff, fingerprints, etc.)
  • Rule Registry:
    • src/Scanner/__Libraries/StellaOps.Scanner.Sarif/Rules/SarifRuleRegistry.cs - SarifRuleRegistry maintaining the taxonomy of SARIF rules (STELLA-VULN, STELLA-SEC, STELLA-SC, STELLA-BIN) and SmartDiff rules (SDIFF001-004)
    • src/Scanner/__Libraries/StellaOps.Scanner.Sarif/Rules/ISarifRuleRegistry.cs - Interface for rule registry
  • Fingerprint Generation:
    • src/Scanner/__Libraries/StellaOps.Scanner.Sarif/Fingerprints/FingerprintGenerator.cs - FingerprintGenerator produces deterministic fingerprints for SARIF results to enable deduplication
    • src/Scanner/__Libraries/StellaOps.Scanner.Sarif/Fingerprints/IFingerprintGenerator.cs - Interface for fingerprint generation
  • Models:
    • src/Scanner/__Libraries/StellaOps.Scanner.Sarif/Models/SarifModels.cs - SARIF 2.1.0 data models (SarifLog, Run, Result, Rule, Location, etc.)
    • src/Scanner/__Libraries/StellaOps.Scanner.Sarif/FindingInput.cs - FindingInput, the input model that carries a scanner finding into the exporter in SARIF-compatible form

E2E Test Plan

  • Export scanner findings in SARIF 2.1.0 format and verify the output validates against the SARIF 2.1.0 JSON schema
  • Verify the rule registry includes all expected rule ID prefixes (STELLA-VULN-*, STELLA-SEC-*, STELLA-SC-*, STELLA-BIN-*) with correct taxonomy metadata
  • Verify SmartDiff results are exported with rules SDIFF001-004 and include change context (added/removed/modified findings)
  • Verify fingerprint generation produces deterministic fingerprints for the same finding across exports
  • Verify the SARIF output is compatible with GitHub code scanning upload format (correct schema version, tool information, and result structure)
  • Verify SarifExportOptions correctly controls which findings are included (e.g., filtering by severity, including/excluding SmartDiff)
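
Worked example, added here and not part of the StellaOps.Scanner.Sarif library: a small Python exporter that mirrors the pieces listed under Implementation Details (rule registry, deterministic fingerprints, SmartDiff rows, export options) together with a pre-upload check for the properties the E2E plan verifies before a GitHub code scanning upload. Only the rule prefixes, the SDIFF001-004 ids and the 2.1.0 schema version come from the page; the concrete rule ids under each prefix, their levels and descriptions, the partialFingerprints key name, the tool name and the sample findings are assumptions made for the example.

```python
"""Constructed SARIF 2.1.0 export: rule registry, deterministic fingerprints,
SmartDiff rows and a pre-upload shape check. Not StellaOps code; the concrete
rule ids, fingerprint key, tool name and sample findings are assumed."""
import hashlib
import json

SARIF_VERSION = "2.1.0"
SARIF_SCHEMA = "https://json.schemastore.org/sarif-2.1.0.json"
LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}

# Registry: the prefixes and SDIFF ids follow the page; the rest is assumed.
RULES = {
    "STELLA-VULN-0001": ("error", "Dependency has a known vulnerability"),
    "STELLA-SEC-0001": ("warning", "Insecure configuration"),
    "STELLA-SC-0001": ("warning", "Supply-chain provenance missing"),
    "STELLA-BIN-0001": ("note", "Binary built without hardening flags"),
    "SDIFF001": ("note", "Finding added since baseline"),
    "SDIFF002": ("note", "Finding removed since baseline"),
    "SDIFF003": ("note", "Finding modified since baseline"),
    "SDIFF004": ("note", "Finding unchanged since baseline"),
}
CHANGE_TO_RULE = {"added": "SDIFF001", "removed": "SDIFF002",
                  "modified": "SDIFF003", "unchanged": "SDIFF004"}

def fingerprint(rule_id, uri, line, component):
    """Hash only what identifies the finding (rule, artifact, component);
    message text and scan time are excluded so re-exports hash the same."""
    material = "\0".join([rule_id, uri, str(line), component])
    return hashlib.sha256(material.encode("utf-8")).hexdigest()

def finding_result(f):
    fp = fingerprint(f["rule_id"], f["uri"], f["line"], f["component"])
    return {
        "ruleId": f["rule_id"],
        "level": RULES[f["rule_id"]][0],
        "message": {"text": f["message"]},
        "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": f["uri"], "uriBaseId": "%SRCROOT%"},
            "region": {"startLine": f["line"]}}}],
        "partialFingerprints": {"stellaFinding/v1": fp},  # key name assumed
        "properties": {"component": f["component"]},
    }

def smartdiff_result(d):
    """SmartDiff row: SDIFF rule for the change kind, carrying the underlying
    finding's fingerprint so the two can be joined after upload."""
    res = finding_result(d["finding"])
    res["ruleId"] = CHANGE_TO_RULE[d["change"]]
    res["level"] = RULES[res["ruleId"]][0]
    res["message"] = {"text": d["change"] + ": " + d["finding"]["message"]}
    res["properties"]["change"] = d["change"]
    return res

def export_sarif(findings, diff_entries=(), include_smartdiff=True, min_level="note"):
    """Export options: severity floor for findings, SmartDiff on/off."""
    results = [finding_result(f) for f in findings
               if LEVEL_RANK[RULES[f["rule_id"]][0]] >= LEVEL_RANK[min_level]]
    if include_smartdiff:
        results += [smartdiff_result(d) for d in diff_entries]
    # Declare only the rules actually used, in sorted order, so two exports of
    # the same input serialize byte-for-byte identical.
    rules = [{"id": rid, "shortDescription": {"text": RULES[rid][1]},
              "defaultConfiguration": {"level": RULES[rid][0]}}
             for rid in sorted({r["ruleId"] for r in results})]
    driver = {"name": "example-scanner", "version": "0.0.0", "rules": rules}
    return {"$schema": SARIF_SCHEMA, "version": SARIF_VERSION,
            "runs": [{"tool": {"driver": driver}, "results": results}]}

def github_upload_problems(log):
    """Fields GitHub's SARIF support documentation marks as required: 2.1.0,
    driver name, a declared ruleId, a location, and partialFingerprints (the
    upload-sarif action synthesizes the last one only when it is absent)."""
    problems = []
    if log.get("version") != SARIF_VERSION:
        problems.append("version must be 2.1.0")
    if not log.get("runs"):
        problems.append("at least one run is required")
    for i, run in enumerate(log.get("runs", [])):
        driver = run.get("tool", {}).get("driver", {})
        if not driver.get("name"):
            problems.append(f"runs[{i}].tool.driver.name missing")
        declared = {r["id"] for r in driver.get("rules", [])}
        for j, res in enumerate(run.get("results", [])):
            where = f"runs[{i}].results[{j}]"
            if res.get("ruleId") not in declared:
                problems.append(f"{where}: ruleId {res.get('ruleId')!r} not in driver.rules")
            if not res.get("locations"):
                problems.append(f"{where}: no location, alert cannot be placed")
            if not res.get("partialFingerprints"):
                problems.append(f"{where}: no partialFingerprints")
    return problems

# Constructed sample input, not real scanner output.
FINDINGS = [
    {"rule_id": "STELLA-VULN-0001", "uri": "package-lock.json", "line": 42,
     "component": "pkg:npm/example-lib@1.2.3", "message": "example-lib 1.2.3 is affected"},
    {"rule_id": "STELLA-BIN-0001", "uri": "bin/app", "line": 1,
     "component": "bin/app", "message": "binary is not position independent"},
]
DIFFS = [{"change": "added", "finding": FINDINGS[0]}]

if __name__ == "__main__":
    print(json.dumps(export_sarif(FINDINGS, DIFFS), indent=2))
```

The fingerprint deliberately leaves the message text out of the hashed material: a reworded advisory must not open a second GitHub alert for the same finding, while a change of artifact, line or component must. The SmartDiff row reuses the underlying finding's fingerprint and records the change kind in `properties`, which is what lets a consumer join SDIFF rows back to the findings they describe.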