Static analyzed code risks - NEW!

PreviousSelenium tracing - NEW!NextDashboard

Last updated 2 years ago

Static analyzed code risks - NEW!

It is required to provide a SARIF file that has been created using a static analysis tool.

Sprkl integrates with SAST tools by leveraging a generated SARIF file and instruments the risks discovered with that tool. All you need to do is provide the which (i.e. - , ). Then, you will be able to see the spans of risks in the SARIF file that actually executed during runtime.

How to enable the instrumentation?

Provide the path to the SARIF file to Sprkl CLI using the flag "--sarif".
Also, it's recommended to provide the path where the static analysis was executed from using the flag "--sarif-source-root". If this is not provided, Sprkl will try to resolve it on its own.

Note that you can use a relative path for both the SARIF file path and the source root path.

sprkl --sarif=/path/to/sarif/file --sarif-source-root=. -- npm run start

What is the SARIF format?

SARIF (Static Analysis Results Interchange Format) format is a standardized file format used to exchange structured information about potential security vulnerabilities and other issues between different software tools.

How to create a SARIF file?

Video of Sprkl integration with Semgrep

PreviousSelenium tracing - NEW!NextDashboard

Last updated 2 years ago