---
_id: '23389'
abstract:
- lang: eng
  text: "Background - Software companies increasingly rely on static analysis tools
    to detect potential bugs and security vulnerabilities in their software products.
    In the past decade, more and more commercial and open-source static analysis tools
    have been developed and are maintained. Each tool comes with its own reporting
    format, preventing an easy integration of multiple analysis tools in a single
    interface, such as the Static Analysis Server Protocol (SASP). In 2017, a collaborative
    effort in industry, including Microsoft and GrammaTech, proposed the Static
    Analysis Results Interchange Format (SARIF) to address this issue. SARIF is a
    standardized format in which static analysis warnings can be encoded, to allow
    the import and export of analysis reports between different tools.\r\nPurpose
    - This paper explains the SARIF format through examples and presents a proof of
    concept of the connector that allows the static analysis tool CogniCrypt to generate
    and export its results in SARIF format.\r\nDesign/Approach - We conduct a cross-sectional
    study between the SARIF format and CogniCrypt's output format before detailing
    the implementation of the connector. The study aims to find the components of
    interest in CogniCrypt that the SARIF export module can complete.\r\nOriginality/Value
    - The integration of SARIF into CogniCrypt described in this paper can be reused
    to integrate SARIF into other static analysis tools.\r\nConclusion - After detailing
    the SARIF format, we present an initial implementation to integrate SARIF into
    CogniCrypt. After taking advantage of all the features provided by SARIF, CogniCrypt
    will be able to support SASP."
author:
- first_name: Sriteja
  full_name: Kummita, Sriteja
  id: '72582'
  last_name: Kummita
- first_name: Goran
  full_name: Piskachev, Goran
  id: '41936'
  last_name: Piskachev
  orcid: 0000-0003-4424-5838
citation:
  ama: Kummita S, Piskachev G. <i>Integration of the Static Analysis Results Interchange
    Format in CogniCrypt</i>.; 2019.
  apa: Kummita, S., &#38; Piskachev, G. (2019). <i>Integration of the Static Analysis
    Results Interchange Format in CogniCrypt</i>.
  bibtex: '@book{Kummita_Piskachev_2019, title={Integration of the Static Analysis
    Results Interchange Format in CogniCrypt}, author={Kummita, Sriteja and Piskachev,
    Goran}, year={2019} }'
  chicago: Kummita, Sriteja, and Goran Piskachev. <i>Integration of the Static Analysis
    Results Interchange Format in CogniCrypt</i>, 2019.
  ieee: S. Kummita and G. Piskachev, <i>Integration of the Static Analysis Results
    Interchange Format in CogniCrypt</i>. 2019.
  mla: Kummita, Sriteja, and Goran Piskachev. <i>Integration of the Static Analysis
    Results Interchange Format in CogniCrypt</i>. 2019.
  short: S. Kummita, G. Piskachev, Integration of the Static Analysis Results Interchange
    Format in CogniCrypt, 2019.
date_created: 2021-08-12T14:04:46Z
date_updated: 2022-01-06T06:55:52Z
extern: '1'
keyword:
- Static Analysis
- Static Analysis Results Interchange Format
- SARIF
- Static Analysis Server Protocol
- SASP
language:
- iso: eng
main_file_link:
- url: https://arxiv.org/abs/1907.02558
status: public
title: Integration of the Static Analysis Results Interchange Format in CogniCrypt
type: report
user_id: '72582'
year: '2019'
...
