Issue 1: SARIF Output Support for GitHub Security Tab Integration
Description: Currently, ChainProof only supports JSON, Markdown, and Table output formats. GitHub code scanning (the Security tab) only ingests findings as SARIF 2.1.0 (Static Analysis Results Interchange Format), uploaded with the upload-sarif action or the code-scanning API. Adding SARIF support would let ChainProof results flow into GitHub's native security features, so teams can track findings over time, filter by severity, and triage code scanning alerts directly in the GitHub UI instead of reading a report artifact.
Files to Update:
packages/core/src/types.ts - Add SARIF-specific types
packages/core/src/report/generator.ts - Add generateSARIFReport() function
packages/cli/src/cli.ts - Add --format sarif option
packages/core/src/index.ts - Export new SARIF generator
Implementation Details:
Emit a SARIF 2.1.0 document with $schema, version, and a single run containing tool.driver (name, version, rules[]) and results[]; each result references its rule by ruleId and ruleIndex
Map ChainProof severity levels to SARIF level (error, warning, note), and also set rule.properties["security-severity"] (a 0-10 CVSS-style score): GitHub's severity filter and the alert severity shown in the UI read that property, while level alone only yields three tiers
Put the repository-relative file path in physicalLocation.artifactLocation.uri and the position plus source snippet in physicalLocation.region (startLine, startColumn, snippet.text); absolute paths and file:// URIs do not map to files in the repository
Set rule.helpUri to the SWC registry entry for the weakness class (e.g. https://swcregistry.io/docs/SWC-107 for reentrancy) so the alert links to remediation guidance
Validate the generated document before writing it with --output (required fields present, every ruleIndex within rules[], startLine a positive 1-based integer, relative URIs), so a malformed file fails locally rather than at upload time
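The generator and pre-upload check described above, written out as an added example in the project's language. This is illustrative code, not ChainProof's implementation: the Finding shape, the severity names, the ruleId/swcId fields, the security-severity scores, the SWC URL pattern and the validateSarif name are assumptions, and the sample findings are constructed.

```typescript
// Added example: SARIF 2.1.0 generation plus a structural pre-upload check.
// Not ChainProof's own code; the Finding type and severity names are assumed.

interface Finding {
  ruleId: string;       // stable check id, e.g. "reentrancy" (assumed)
  swcId?: string;       // SWC registry id, e.g. "SWC-107" (assumed)
  title: string;
  description: string;
  severity: "critical" | "high" | "medium" | "low" | "info";
  file: string;         // path relative to the repository root
  line: number;         // 1-based
  column?: number;      // 1-based
  snippet?: string;     // offending source text, if the analyzer has it
}

type SarifLevel = "error" | "warning" | "note";
interface SarifRegion { startLine: number; startColumn?: number; snippet?: { text: string } }
interface SarifLocation { physicalLocation: { artifactLocation: { uri: string }; region: SarifRegion } }
interface SarifRule {
  id: string; name: string;
  shortDescription: { text: string }; fullDescription: { text: string };
  helpUri?: string;
  defaultConfiguration: { level: SarifLevel };
  properties: { "security-severity": string; tags: string[] };
}
interface SarifResult { ruleId: string; ruleIndex: number; level: SarifLevel; message: { text: string }; locations: SarifLocation[] }
interface SarifLog {
  $schema: string; version: "2.1.0";
  runs: Array<{ tool: { driver: { name: string; version: string; rules: SarifRule[] } }; results: SarifResult[] }>;
}

// SARIF level has only three tiers; GitHub's severity filter reads the 0-10
// "security-severity" score from rule.properties, so both are emitted.
const LEVEL: Record<Finding["severity"], SarifLevel> = { critical: "error", high: "error", medium: "warning", low: "note", info: "note" };
const SCORE: Record<Finding["severity"], string> = { critical: "9.5", high: "7.5", medium: "5.0", low: "2.0", info: "0.0" };

export function generateSARIFReport(findings: Finding[], toolVersion: string): SarifLog {
  const rules: SarifRule[] = [];
  const ruleIndex = new Map<string, number>();
  const results: SarifResult[] = [];
  for (const f of findings) {
    // One rule object per distinct ruleId; results point at it by index.
    let idx = ruleIndex.get(f.ruleId);
    if (idx === undefined) {
      idx = rules.length;
      ruleIndex.set(f.ruleId, idx);
      rules.push({
        id: f.ruleId, name: f.title,
        shortDescription: { text: f.title }, fullDescription: { text: f.description },
        ...(f.swcId ? { helpUri: `https://swcregistry.io/docs/${f.swcId}` } : {}), // SWC URL pattern assumed
        defaultConfiguration: { level: LEVEL[f.severity] },
        properties: { "security-severity": SCORE[f.severity], tags: ["security"] },
      });
    }
    const region: SarifRegion = { startLine: f.line };
    if (f.column !== undefined) region.startColumn = f.column;
    if (f.snippet !== undefined) region.snippet = { text: f.snippet };
    results.push({
      ruleId: f.ruleId, ruleIndex: idx, level: LEVEL[f.severity],
      message: { text: f.description },
      // Strip a leading "./" so the URI resolves against the repository root.
      locations: [{ physicalLocation: { artifactLocation: { uri: f.file.replace(/^\.\//, "") }, region } }],
    });
  }
  return {
    $schema: "https://json.schemastore.org/sarif-2.1.0.json",
    version: "2.1.0",
    runs: [{ tool: { driver: { name: "ChainProof", version: toolVersion, rules } }, results }],
  };
}

// Structural check to run before writing --output. It catches the fields that
// most often make an upload fail; it is not a full JSON Schema validation.
export function validateSarif(log: SarifLog): string[] {
  const problems: string[] = [];
  if (log.version !== "2.1.0") problems.push(`version must be "2.1.0", got ${JSON.stringify(log.version)}`);
  if (!Array.isArray(log.runs) || log.runs.length === 0) { problems.push("runs must be a non-empty array"); return problems; }
  log.runs.forEach((run, r) => {
    if (!run.tool?.driver?.name) problems.push(`runs[${r}].tool.driver.name is required`);
    const ruleCount = run.tool?.driver?.rules?.length ?? 0;
    (run.results ?? []).forEach((res, i) => {
      const at = `runs[${r}].results[${i}]`;
      if (typeof res.ruleId !== "string" || !res.ruleId) problems.push(`${at}.ruleId is required`);
      if (!res.message?.text) problems.push(`${at}.message.text is required`);
      if (res.ruleIndex < 0 || res.ruleIndex >= ruleCount) problems.push(`${at}.ruleIndex out of range`);
      const loc = res.locations?.[0]?.physicalLocation;
      const uri = loc?.artifactLocation?.uri;
      if (!uri) problems.push(`${at} has no artifactLocation.uri`);
      else if (/^[a-z]+:\/\//i.test(uri) || uri.startsWith("/")) problems.push(`${at} uri must be repository-relative`);
      const line = loc?.region?.startLine;
      if (!Number.isInteger(line) || (line ?? 0) < 1) problems.push(`${at} region.startLine must be a positive integer`);
    });
  });
  return problems;
}

// Constructed sample findings, not real scan output.
export const SAMPLE_FINDINGS: Finding[] = [
  { ruleId: "reentrancy", swcId: "SWC-107", title: "Reentrancy", description: "External call before state update",
    severity: "high", file: "contracts/Vault.sol", line: 42, column: 9, snippet: 'msg.sender.call{value: amt}("");' },
  { ruleId: "reentrancy", swcId: "SWC-107", title: "Reentrancy", description: "External call before state update",
    severity: "critical", file: "contracts/Vault.sol", line: 77 },
  { ruleId: "tx-origin", swcId: "SWC-115", title: "tx.origin authorization", description: "Authorization via tx.origin",
    severity: "medium", file: "./contracts/Owned.sol", line: 12, snippet: "require(tx.origin == owner);" },
];
```

Wiring this into the CLI would be a matter of calling generateSARIFReport for --format sarif, running validateSarif on the result, and refusing to write --output when it returns any problems. The two reentrancy findings share one rule entry and differ only in level and score, which is what makes the severity filter in the Security tab work per alert rather than per rule.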
Acceptance Criteria:
SARIF output validates against the SARIF 2.1.0 JSON schema and uploads through the upload-sarif action without errors
Findings appear correctly in the GitHub Security tab, with the expected severity and a link to the SWC entry
Includes all metadata (severity, file and line numbers, descriptions, snippets)
Maintains backward compatibility with existing formats