SARIF file parser

Use the SARIF File Parser bundled plugin to process the contents of SARIF files in your agent's workspace and convert them into findings.

SARIF (Static Analysis Results Interchange Format) is a standard file format in which static code analysis tools, such as OpenText Fortify, produce code scanning results.

SARIF file limitations

To ensure that agents run smoothly, PulseUno enforces the following requirements on SARIF files:

  SARIF version
    PulseUno supports the SARIF 2.1.0 standard.

  File size
    A SARIF file must not exceed 50 MB. Larger files are rejected.

  Runs per file
    PulseUno accepts the first 20 runs in a single SARIF file and truncates the rest.

  Results per run
    A single run can contain up to 25,000 security issues. If there are more issues, they are truncated.
    Only the first 5,000 most severe issues are converted into findings and stored in PulseUno.

  Rules per run
    A single run can contain up to 25,000 rules. If there are more rules, they are truncated.

  Locations per result
    PulseUno can process up to 1,000 locations of an issue in a file. If there are more locations, they are truncated.
    Only the first 100 locations are converted into findings and stored in PulseUno.

  Tags per rule
    PulseUno accepts 10 tags per rule and truncates the rest.
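As an added example (not PulseUno's own code), the following Python sketch applies the limits above to a SARIF 2.1.0 document and converts its results into findings. It assumes that "most severe" is ranked by the SARIF result level, which the page does not specify, and uses a constructed two-result sample document.

```python
import json

# Limits stated on this page for PulseUno's SARIF parser.
MAX_RUNS, MAX_RESULTS, MAX_FINDINGS = 20, 25_000, 5_000
MAX_RULES, MAX_LOCATIONS, MAX_TAGS = 25_000, 100, 10
MAX_FILE_BYTES = 50 * 1024 * 1024
# Assumption: "most severe" is ranked by the SARIF result.level value;
# the page does not say how PulseUno ranks severity.
LEVEL_RANK = {"error": 0, "warning": 1, "note": 2, "none": 3}


def parse_sarif(text: str) -> list[dict]:
    """Return findings from a SARIF 2.1.0 document, applying the page's limits."""
    if len(text.encode("utf-8")) > MAX_FILE_BYTES:
        raise ValueError("SARIF file exceeds 50 MB and is rejected")
    doc = json.loads(text)
    if doc.get("version") != "2.1.0":
        raise ValueError(f"unsupported SARIF version: {doc.get('version')!r}")
    findings = []
    for run in doc.get("runs", [])[:MAX_RUNS]:  # first 20 runs only
        driver = run.get("tool", {}).get("driver", {})
        rules = {r.get("id"): r for r in driver.get("rules", [])[:MAX_RULES]}
        results = run.get("results", [])[:MAX_RESULTS]  # first 25,000 issues
        # sorted() is stable: equally severe issues keep their file order
        ranked = sorted(results, key=lambda r: LEVEL_RANK.get(r.get("level", "warning"), 1))
        for res in ranked[:MAX_FINDINGS]:  # store only the 5,000 most severe
            rule = rules.get(res.get("ruleId"), {})
            locs = []
            for loc in res.get("locations", [])[:MAX_LOCATIONS]:  # first 100 stored
                phys = loc.get("physicalLocation", {})
                locs.append({"uri": phys.get("artifactLocation", {}).get("uri"),
                             "line": phys.get("region", {}).get("startLine")})
            findings.append({
                "rule_id": res.get("ruleId"),
                "level": res.get("level", "warning"),
                "message": res.get("message", {}).get("text", ""),
                "tags": rule.get("properties", {}).get("tags", [])[:MAX_TAGS],
                "locations": locs,
            })
    return findings


# Constructed sample: the warning is listed before the error, so ranking shows.
SAMPLE = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "demo", "rules": [
        {"id": "R1", "properties": {"tags": ["security", "injection"]}}]}},
    "results": [
        {"ruleId": "R1", "level": "warning", "message": {"text": "low"}, "locations": [
            {"physicalLocation": {"artifactLocation": {"uri": "a.py"}, "region": {"startLine": 3}}}]},
        {"ruleId": "R1", "level": "error", "message": {"text": "high"}, "locations": [
            {"physicalLocation": {"artifactLocation": {"uri": "b.py"}, "region": {"startLine": 9}}}]}]}]})
```

Running `parse_sarif(SAMPLE)` returns the error-level result first, with its rule tags and file location attached; a document whose version is not 2.1.0 is rejected.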

Configure the plugin

Add the SARIF File Parser plugin to a chain and point to one or more SARIF files from which you want to generate findings.

To configure the SARIF File Parser step:

  1. Add the SARIF File Parser step to a chain, as described in Create chains.

  2. Enter the plugin configuration details:

    Title
      (Optional) Rename the plugin step.

    Include files
      (Optional) To parse a set of SARIF files, enter one or more file names or patterns, one per line. You can use the asterisk (*) wildcard.
      By default, all the .sarif files in the agent's workspace are included for parsing: **/*.sarif

    Exclude files
      (Optional) To exclude certain SARIF files from being parsed, enter one or more file names or patterns, one per line. You can use the asterisk (*) wildcard.

    Control options
      (Optional) Define the control options for the plugin step:

      • Enable step. By default, the step is enabled to run. Clear this option if you need to deactivate the step.
        Disabled steps are skipped when the chain runs.

      • Fail the step. Specify the conditions for failing the step, such as unit test failures, findings criteria, and/or console log entries.

      • Mark step as unstable. Specify the conditions for making the step unstable, such as unit test failures, findings criteria, and/or console log entries.

    Output variables
      (Optional) Specify the output variables to be passed to other steps down the chain. For details, see Publish output variables.

  3. Save the chain.
