Proposal 2025: SARIF Integration for Error Reporting

Created on 16 February 2025, 8 days ago

Mentor: @royalpinto007

Project Description:
The Static Analysis Results Interchange Format (SARIF) is a standardized format for static analysis tool output. Integrating SARIF support into Drupal's automated testing and error reporting ecosystem will improve the way developers debug and analyze issues in Drupal core and contributed modules.

This project aims to build a SARIF-compatible module or integration that allows error messages, linting reports, and test failures from Drupal's CI pipeline to be exported in SARIF format. The output can then be used in GitHub Code Scanning, VS Code's SARIF Viewer, GitLab Security Dashboards, and other compatible tools.

Project Size: 350 hours

Project Difficulty: Intermediate

Project Skills:

- PHP, Git, JavaScript, Compiler & Static Analysis (ASTs, Tokenization), CI/CD (GitHub Actions, GitLab CI)

🌱 Plan
Status: Active

Component: Organization

Created by: 🇮🇳 India royalpinto007


Comments & Activities

  • Issue created by @royalpinto007
  • 🇺🇸United States Stanzin

    @royal, while it is true that SARIF provides a standardized way to report static analysis findings, its integration into Drupal’s ecosystem seems unnecessary. Why? Because Drupal’s CI pipeline already leverages well-established tools like PHPStan, PHPCS, and PHPUnit, which produce detailed reports in widely supported formats such as JSON, XML, and plain text. These formats are compatible with existing CI environments like DrupalCI, GitHub Actions, and GitLab CI, eliminating the need for SARIF.

    Let me know your thought process, I might be wrong )
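
The export the project description proposes, sketched for one tool as an added example (not code from this issue or from Drupal): it maps a PHP_CodeSniffer `--report=json` report to a single-run SARIF 2.1.0 log. The sample report, the `/builds/project` checkout path and the function name `phpcs_to_sarif` are assumptions made for illustration.

```python
import json
from pathlib import PurePosixPath

# Constructed sample in PHP_CodeSniffer's --report=json layout (not real CI output).
PHPCS_JSON = """{
 "files": {
  "/builds/project/web/modules/custom/demo/demo.module": {
   "errors": 1, "warnings": 1,
   "messages": [
    {"message": "Missing function doc comment", "source": "Drupal.Commenting.FunctionComment.Missing",
     "severity": 5, "fixable": false, "type": "ERROR", "line": 12, "column": 1},
    {"message": "Line exceeds 80 characters", "source": "Drupal.Files.LineLength.TooLong",
     "severity": 5, "fixable": false, "type": "WARNING", "line": 30, "column": 81}
   ]
  }
 }
}"""

LEVELS = {"ERROR": "error", "WARNING": "warning"}  # PHPCS type -> SARIF level

def phpcs_to_sarif(report_json: str, src_root: str) -> dict:
    """Map a PHPCS JSON report (as text) to a single-run SARIF 2.1.0 log."""
    rules, results = {}, []
    for path, entry in json.loads(report_json).get("files", {}).items():
        try:  # Emit checkout-relative URIs so CI runner paths are not published.
            uri = PurePosixPath(path).relative_to(src_root).as_posix()
        except ValueError:
            uri = PurePosixPath(path).name  # outside the checkout: file name only
        for msg in entry.get("messages", []):
            rule_id = msg.get("source", "phpcs.unknown")
            rules.setdefault(rule_id, {"id": rule_id})  # one rule entry per sniff
            results.append({
                "ruleId": rule_id,
                "level": LEVELS.get(msg.get("type"), "note"),
                "message": {"text": msg["message"]},
                "locations": [{"physicalLocation": {
                    "artifactLocation": {"uri": uri, "uriBaseId": "%SRCROOT%"},
                    "region": {"startLine": msg["line"], "startColumn": msg["column"]},
                }}],
            })
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{"tool": {"driver": {"name": "PHP_CodeSniffer",
                                       "rules": list(rules.values())}},
                  "results": results}],
    }

if __name__ == "__main__":
    print(json.dumps(phpcs_to_sarif(PHPCS_JSON, "/builds/project"), indent=2))
```

Writing checkout-relative URIs keeps runner-specific absolute paths out of the published report and lets viewers resolve each finding against the repository root.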
