Crate sarif_rust


§SARIF Rust Library

A comprehensive Rust library for parsing, generating, and manipulating SARIF (Static Analysis Results Interchange Format) v2.1.0 files.

SARIF is a standard JSON format for the output of static analysis tools. This library provides complete support for the SARIF v2.1.0 specification with type-safe parsing, generation, validation, and manipulation capabilities.

§Features

  • Complete SARIF v2.1.0 Support: Full specification compliance with all optional fields
  • Type-Safe API: Leverages Rust’s type system for correctness and safety
  • Builder Pattern: Ergonomic API for programmatic SARIF generation
  • Advanced Querying: Powerful filtering and search capabilities
  • Merge & Diff: Combine multiple SARIF files or compare them
  • Multiple Formats: Export to CSV, HTML, GitHub Security Advisory format
  • High Performance: Streaming parser for large files with memory efficiency
  • Comprehensive Validation: Multiple validation levels from minimal to pedantic
  • Schema Evolution: Automatic migration between SARIF versions

§Quick Start

§Parsing SARIF Files

use sarif_rust::SarifLog;

// Parse from file
let sarif: SarifLog = sarif_rust::from_file("results.sarif")?;

// Parse from string
let json_content = std::fs::read_to_string("results.sarif")?;
let sarif: SarifLog = sarif_rust::from_str(&json_content)?;

// Access results
for run in &sarif.runs {
    println!("Tool: {}", run.tool.driver.name);
    if let Some(results) = &run.results {
        for result in results {
            println!("  Issue: {}",
                result.message.text.as_deref().unwrap_or("no message"));
        }
    }
}

§Building SARIF Files

use sarif_rust::SarifLogBuilder;

// Create a basic SARIF log
let sarif = SarifLogBuilder::new()
    .with_schema("https://json.schemastore.org/sarif-2.1.0.json")
    .build_unchecked(); // Note: use build()? for validation

// Convert to JSON
let json = sarif_rust::to_string_pretty(&sarif)?;
println!("{}", json);
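The JSON shape of a minimal SARIF v2.1.0 log, emitted by hand with only the standard library. This is an added example, not code from the sarif_rust crate or its documentation; `Finding`, `json_escape`, `result_json`, `sarif_log` and the sample values are hypothetical names constructed here. It also shows why message text taken from scanned code has to be escaped before it is embedded in the log.

```rust
// Added example: standard library only, does not call sarif_rust; all names are hypothetical.
struct Finding<'a> {
    rule_id: &'a str,
    level: &'a str,
    message: &'a str,
    uri: &'a str,
    line: u32,
}

/// Escape text for a JSON string literal (RFC 8259, section 7).
fn json_escape(s: &str) -> String {
    let mut out = String::with_capacity(s.len());
    for c in s.chars() {
        match c {
            '"' => out.push_str("\\\""),
            '\\' => out.push_str("\\\\"),
            '\n' => out.push_str("\\n"),
            '\r' => out.push_str("\\r"),
            '\t' => out.push_str("\\t"),
            c if (c as u32) < 0x20 => out.push_str(&format!("\\u{:04x}", c as u32)),
            c => out.push(c),
        }
    }
    out
}

/// One SARIF `result` object with a single physical location.
fn result_json(f: &Finding) -> String {
    format!(
        r#"{{"ruleId":"{}","level":"{}","message":{{"text":"{}"}},"locations":[{{"physicalLocation":{{"artifactLocation":{{"uri":"{}"}},"region":{{"startLine":{}}}}}}}]}}"#,
        json_escape(f.rule_id), json_escape(f.level), json_escape(f.message),
        json_escape(f.uri), f.line
    )
}

/// A complete log: one run, one tool driver, the given results.
fn sarif_log(tool: &str, findings: &[Finding]) -> String {
    let results: Vec<String> = findings.iter().map(result_json).collect();
    format!(
        r#"{{"$schema":"https://json.schemastore.org/sarif-2.1.0.json","version":"2.1.0","runs":[{{"tool":{{"driver":{{"name":"{}"}}}},"results":[{}]}}]}}"#,
        json_escape(tool), results.join(",")
    )
}

fn main() {
    // Constructed finding: the message carries quotes and a newline, as text copied from source can.
    let f = Finding { rule_id: "EX001", level: "error", message: "tainted \"name\"\nreaches query", uri: "src/db.rs", line: 42 };
    println!("{}", sarif_log("example-scanner", &[f]));
}
```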

§Error Handling

All operations return Result<T, SarifError> where SarifError provides detailed information about what went wrong:

use sarif_rust::SarifError;

match sarif_rust::from_file("invalid.sarif") {
    Ok(_sarif) => println!("Parsed successfully"),
    Err(SarifError::Io(e)) => eprintln!("IO error: {}", e),
    Err(SarifError::Json(e)) => eprintln!("JSON parsing error: {}", e),
    Err(SarifError::Validation(e)) => eprintln!("Validation error: {}", e),
    Err(e) => eprintln!("Other error: {}", e),
}

Re-exports§

pub use parser::from_file;
pub use parser::from_str;
pub use parser::to_string;
pub use parser::to_string_pretty;
pub use parser::to_file;
pub use builder::*;
pub use parser::*;
pub use types::*;

Modules§

  • builder: Builder pattern implementations for creating SARIF objects
  • parser: SARIF parsing and serialization functionality
  • prelude: Re-export commonly used types and functions for convenience
  • types: Core SARIF data structures and types
  • utils: Utility functions and helpers for SARIF processing

Constants§

  • SARIF_VERSION: SARIF specification version supported
  • VERSION: Library version