Static analyzed code risks - NEW!
Last updated
Sprkl integrates with SAST tools by consuming a generated SARIF file and instrumenting the risks that tool discovered. All you need to do is provide the which (i.e. - , ). Then, you will be able to see which of the risk spans in the SARIF file actually executed at runtime.
Provide the path to the SARIF file to Sprkl CLI using the flag "--sarif".
Also, it's recommended to provide the path where the static analysis was executed from using the flag "--sarif-source-root". If this is not provided, Sprkl will try to resolve it on its own.
SARIF (Static Analysis Results Interchange Format) is a standardized file format used to exchange structured information about potential security vulnerabilities and other issues between different software tools.
To create a SARIF file, you need to perform static analysis on your project using a tool like or . When executing the tool, you can typically specify a flag to export the results in SARIF format.
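To make concrete what Sprkl reads out of a SARIF file, and why the source root matters, here is an added example (not Sprkl's own code, and not a description of its internal algorithm). It parses a small SARIF 2.1.0 document that is constructed inline, turns each result into a file path plus a line span, and then intersects those spans with a constructed set of lines observed executing at runtime. Relative artifact URIs are anchored to the run's `originalUriBaseIds` when present, otherwise to a caller-supplied `source_root`, which is the assumed analogue of the `--sarif-source-root` flag; whether Sprkl resolves paths exactly this way is an assumption.

```python
"""Parse SARIF results and match their spans against runtime-executed lines (illustrative example)."""
import json
from pathlib import PurePosixPath
from urllib.parse import unquote, urlparse

# Constructed sample SARIF 2.1.0 document; not the output of any real tool run.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-sast",
                            "rules": [{"id": "EX001", "shortDescription": {"text": "Use of eval"}}]}},
        # Base URI that relative artifact URIs with uriBaseId "SRCROOT" are anchored to.
        "originalUriBaseIds": {"SRCROOT": {"uri": "file:///work/project/"}},
        "results": [
            {"ruleId": "EX001", "level": "error", "message": {"text": "eval() on untrusted input"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/app.py", "uriBaseId": "SRCROOT"},
                 "region": {"startLine": 42, "endLine": 42}}}]},
            {"ruleId": "EX002", "level": "warning", "message": {"text": "hard-coded secret"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "file:///work/project/src/config.py"},
                 "region": {"startLine": 7, "startColumn": 5, "endLine": 9}}}]},
            # Relative URI with no uriBaseId: only resolvable if a source root is supplied.
            {"ruleId": "EX003", "level": "note", "message": {"text": "TODO left in code"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/util.py"},
                 "region": {"startLine": 3}}}]},
        ],
    }],
})

# Constructed runtime line coverage (absolute path -> executed line numbers).
SAMPLE_COVERAGE = {
    "/work/project/src/app.py": {40, 41, 42},
    "/work/project/src/config.py": {1, 2, 3},
}


def _uri_to_path(uri):
    """Turn a file:// URI into a POSIX path; leave relative URIs as-is."""
    parsed = urlparse(uri)
    if parsed.scheme == "file":
        return unquote(parsed.path)
    return unquote(uri)


def resolve_location(phys, base_ids, source_root=None):
    """Return (path, start_line, end_line) for one physicalLocation object."""
    art = phys.get("artifactLocation", {})
    path = _uri_to_path(art.get("uri", ""))
    if not path.startswith("/"):
        base_id = art.get("uriBaseId")
        if base_id and base_id in base_ids:
            # Nested uriBaseId chains are not handled here; one level is enough for the example.
            base = _uri_to_path(base_ids[base_id].get("uri", ""))
        else:
            base = source_root
        if base:
            path = str(PurePosixPath(base) / path)
    region = phys.get("region", {})
    start = region.get("startLine")
    end = region.get("endLine", start)  # single-line region when endLine is absent
    return path, start, end


def extract_risks(sarif_text, source_root=None):
    """Flatten every result location in every run into a list of risk dicts."""
    doc = json.loads(sarif_text)
    risks = []
    for run in doc.get("runs", []):
        tool = run.get("tool", {}).get("driver", {}).get("name", "unknown")
        base_ids = run.get("originalUriBaseIds", {})
        for res in run.get("results", []):
            for loc in res.get("locations", []):
                phys = loc.get("physicalLocation")
                if not phys:
                    continue
                path, start, end = resolve_location(phys, base_ids, source_root)
                risks.append({
                    "tool": tool,
                    "rule": res.get("ruleId"),
                    "level": res.get("level", "warning"),  # SARIF default level
                    "message": res.get("message", {}).get("text", ""),
                    "path": path, "start_line": start, "end_line": end,
                })
    return risks


def unresolved(risks):
    """Paths that stayed relative, i.e. results that cannot be matched to runtime data."""
    return [r["path"] for r in risks if not r["path"].startswith("/")]


def executed_risks(risks, coverage):
    """Keep only risks whose line span overlaps lines that executed at runtime."""
    hit = []
    for r in risks:
        if r["start_line"] is None:
            continue
        lines = coverage.get(r["path"], set())
        if any(n in lines for n in range(r["start_line"], r["end_line"] + 1)):
            hit.append(r)
    return hit


if __name__ == "__main__":
    for r in executed_risks(extract_risks(SAMPLE_SARIF, "/work/project"), SAMPLE_COVERAGE):
        print(f'{r["level"]:8} {r["rule"]} {r["path"]}:{r["start_line"]}-{r["end_line"]} {r["message"]}')
```

Without a source root, the third result keeps a relative path and can never be matched against runtime data; passing the directory the scanner ran from fixes that, which is the practical reason to supply `--sarif-source-root` rather than relying on automatic resolution.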