Hacker NewsNew features in GCC 16: Improved error messages and SARIF output
https://developers.redhat.com/articles/2026/04/28/gcc-16-improved-error-messages-sarif-output
#HackerNews #GCC16 #ErrorMessages #SARIF #Output #Development #Tools #Programming
CLion Blog
michabbb• ⚙️ Customizable configuration with rules, allowlists, and entropy checks to reduce false positives
• 📊 Flexible reporting in multiple formats (#JSON, #CSV, #JUnit, #SARIF) with custom template options
https://github.com/gitleaks/gitleaks
• 📊 Flexible reporting in multiple formats (#JSON, #CSV, #JUnit, #SARIF) with custom template options
https://github.com/gitleaks/gitleaks
HabrPVS-Studio соответствует требованиям ГОСТ Р 71207—2024 (статический анализ программного обеспечения)
Инструментальное средство PVS-Studio разрабатывается с учётом требований, предъявляемых к статическим анализаторам в ГОСТ Р 71207–2024, выявляет критические ошибки и может использоваться при разработке безопасного программного обеспечения. Рассмотрим функциональные возможности, реализованные в PVS-Studio на конец 2024 года в отношении анализа исходного кода программного обеспечения, написанного на компилируемых языках программирования C, C++, C#, Java.
https://habr.com/ru/companies/pvs-studio/articles/868578/
#pvsstudio #информационная_безопасность #статический_анализ_кода #ГОСТ_Р_712072024 #ГОСТ_Р_71207 #ГОСТ_Р_56939 #SAST #c #c++ #java #c# #си #си++ #static_code_analysis #анализ_программы #анализ_потоков_данных #контекстночувствительный_анализ #критические_ошибки #CWE #SARIF #РБПО #разработка_безопасного_ПО #использование_чувствительных_данных
Joxean Koret (@matalaz)TIL there is a thing called #Sarif, a Static Analysis Results Interchange Format, developed by Microsoft.
https://groups.oasis-open.org/communities/tc-community-home2?CommunityKey=c64ae352-bebf-446d-8ebf-018dc7d3eeb0
https://groups.oasis-open.org/communities/tc-community-home2?CommunityKey=c64ae352-bebf-446d-8ebf-018dc7d3eeb0
raptorAwesome tool released by @trailofbits ✊
Streamline your static analysis triage with #SARIF Explorer
ϺΛDИVTTΛHYup. The nightly build is there. I'm pretty confident that the #automatedBuild will run too. 
I've added #trivy #opensource #vulnerability scanner. It will run on schedule for testing and will be later included into the #cd #pipeline. The #sarif report will be attached to madnuttah bot's releases as build artifact.
GitHub - madnuttah/unbound-docker: 🛡️ This distroless Unbound Docker image is based on Alpine Linux with focus on security, privacy, performance and a small image size. And with Pi-hole in mind.
🛡️ This distroless Unbound Docker image is based on Alpine Linux with focus on security, privacy, performance and a small image size. And with Pi-hole in mind. - madnuttah/unbound-docker
Anders EknertTook some time to look into implementing a #SARIF output format option for #Regal yesterday. Regal a linter, and SARIF a standard format for static analysis, so it seemed like a reasonable thing to have. The specification however is 280 pages long! 😫 I skipped that and went straight for the libraries. Found one for #golang and had a PR up an hour later. Just a prettier way to build a struct for marshaling really, but I’ll take that over 280 pages of SHALL, MAY and MUST.
aegilopsI've made a Python 
code linting Action ▶️ for GitHub 
Code Scanning.
It wraps up #Ruff, #Flake8, #Pylint, #Fixit2, #Mypy, #Pyright and #Pytype into an Action that uploads to Code Scanning, part of Advanced Security, the GitHub appsec platform.
ℹ️ that’s free for open source repos hosted on GitHub!
Read 📖 about it👇 on my blog:
https://lnkd.in/es_pd2W6
Try ⚙️ it👇 on the Actions ▶️ marketplace:
https://lnkd.in/ei7-H2V9
#Python #Linting #CodeQuality #Linters #SARIF #GitHubActions
I've recently started using the #SARIF Viewer extension to view #semgrep scan results in #vscode and it's awesome!
It provides a much more streamlined experience compared to what I was used to. I recommend to try it out, it might drastically improve your workflow.
https://marketplace.visualstudio.com/items?itemName=MS-SarifVSCode.sarif-viewer
