Format guide
SARIF
Static Analysis Results Interchange Format
SARIF is the OASIS-standardized JSON format for static analysis tool output. Every modern security/quality scanner (CodeQL, Semgrep, Bandit, ESLint, Snyk, Checkmarx, Sonar) exports SARIF. GitHub Code Scanning consumes SARIF natively for its security alerts UI. The format is verbose but well-typed, with rich location, fix-suggestion, and rule metadata.
How to open a SARIF file
Open SARIF files with Microsoft's sarif-web-component (a browser viewer) or the VS Code SARIF extension. GitHub renders SARIF natively in the Security tab. Convert to CSV/HTML to share scan results with non-engineering stakeholders.
Primary use
Static analysis result interchange between tools and review platforms.
Convert SARIF to other formats
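Flattening SARIF to CSV means walking `runs[].results[]`, joining each result to its rule metadata, and tolerating the optional fields (level, locations). The Python below is an added example, not code from this page or from any SARIF tool; the sample log, column set and function names are constructed for illustration. It also prefixes cells that a spreadsheet would evaluate as formulas, since result messages can echo text from the scanned code.

```python
import csv
import io
import json

# Constructed sample SARIF 2.1.0 log (not output from a real scan).
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "ExampleScanner", "rules": [
        {"id": "EX001", "defaultConfiguration": {"level": "error"}}]}},
    "results": [
        {"ruleId": "EX001", "message": {"text": "=1+1 flows into SQL query"},
         "locations": [{"physicalLocation": {
             "artifactLocation": {"uri": "src/app.py"},
             "region": {"startLine": 42}}}]},
        {"ruleId": "EX002", "level": "note",
         "message": {"text": "Unused variable"}}]}]})

COLUMNS = ["tool", "rule_id", "level", "file", "line", "message"]

def safe_cell(value):
    """Prefix cells that a spreadsheet would evaluate as a formula."""
    text = str(value)
    return "'" + text if text[:1] in ("=", "+", "-", "@") else text

def sarif_rows(sarif_text):
    """Yield one flat dict per result across all runs."""
    for run in json.loads(sarif_text).get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = {r.get("id"): r for r in driver.get("rules", [])}
        for res in run.get("results", []):
            rule = rules.get(res.get("ruleId"), {})
            # Result level wins, then the rule default, then "warning".
            level = (res.get("level")
                     or rule.get("defaultConfiguration", {}).get("level")
                     or "warning")
            # Locations are optional; use the first physical one if present.
            phys = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            yield {"tool": driver.get("name", ""),
                   "rule_id": res.get("ruleId", ""), "level": level,
                   "file": phys.get("artifactLocation", {}).get("uri", ""),
                   "line": phys.get("region", {}).get("startLine", ""),
                   "message": res.get("message", {}).get("text", "")}

def sarif_to_csv(sarif_text):
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=COLUMNS, lineterminator="\n")
    writer.writeheader()
    for row in sarif_rows(sarif_text):
        writer.writerow({k: safe_cell(v) for k, v in row.items()})
    return out.getvalue()
```

Calling `sarif_to_csv(SAMPLE_SARIF)` returns the CSV text with one row per result.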