Skip to content

Add support for SARIF output to pyAnalyze #403

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
tautschnig wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Add support for SARIF output to pyAnalyze #403

tautschnig wants to merge 3 commits into from

Conversation

@tautschnig
Copy link
Contributor

@tautschnig tautschnig commented Feb 10, 2026

Description of changes:

We previously added SARIF tooling and actual use to StrataVerify. This adds the same support to pyAnalyze, which is enabled when adding --sarif to a pyAnalyze invocation. Testing added to CI.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@tautschnig
Add support for SARIF output to pyAnalyze
6d0e593 
We previously added SARIF tooling and actual use to StrataVerify. This
adds the same support to pyAnalyze, which is enabled when adding
`--sarif` to a `pyAnalyze` invocation. Testing added to CI.
Copilot AI review requested due to automatic review settings February 10, 2026 14:10
@tautschnig tautschnig requested a review from a team as a code owner February 10, 2026 14:10
Copilot AI reviewed Feb 10, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds SARIF emission support to the strata pyAnalyze command (enabled via --sarif) and wires up CI coverage to validate the generated SARIF output for selected Python test programs.

Changes:

  • Extend strata CLI command handling to support per-command flags and add --sarif to pyAnalyze.
  • Generate and write SARIF output for pyAnalyze runs when requested.
  • Add a new Bash test script for SARIF validation and run it in CI; ignore generated *.sarif files in the Python test directory.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File Description
StrataTest/Languages/Python/run_py_analyze_sarif.sh New test script that runs pyAnalyze --sarif and validates SARIF JSON structure/content.
StrataTest/Languages/Python/.gitignore Ignore generated SARIF files alongside generated Ion files.
StrataMain.lean Add SARIF output to pyAnalyze and introduce per-command flag parsing.
.github/workflows/ci.yml Run the new SARIF test script in CI after existing pyAnalyze tests.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

tautschnig and others added 2 commits February 10, 2026 17:23
@tautschnig
Update StrataTest/Languages/Python/run_py_analyze_sarif.sh
f10855c 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@tautschnig
Update StrataMain.lean
3f05327 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tautschnig