What is SARIF format? Benefits for Integration of various scan tools
By oculus • November 9, 2025
SARIF (Static Analysis Results Interchange Format) is an open, standardized, JSON-based format for the output of static analysis tools. It was developed by the OASIS consortium to address the challenge of integrating various analysis tools, which historically produced results in different, proprietary formats.
The primary goal of SARIF is to create a common, machine-readable format that enables seamless aggregation, viewing, and management of analysis results across different tools, platforms (like GitHub Code Scanning, IDEs), and workflows (DevSecOps pipelines).
Key Components of a SARIF file
A SARIF log file is a JSON document that typically contains the following elements:
- $schema and version: Identifies the specific SARIF schema and version being used (commonly version 2.1.0).
- runs: An array where each item represents a single execution of an analysis tool.
- tool: Describes the specific analysis tool that performed the scan, including its name, version, and the rules it applied.
- results: This is where the actual findings (issues, vulnerabilities, or recommendations) are detailed. Each result typically includes:
  - A ruleId that links back to a specific rule definition.
  - A descriptive message.
  - locations in the source code (file path, line numbers).
  - Severity levels and, potentially, suggested fixes.
- rules: A detailed catalog, usually defined within the tool object, of all possible rules that were applied during a scan. This section includes rich metadata like rule descriptions, severity, and remediation guidance.
- artifacts: Information about the files that were scanned, including URIs and hashes.
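To make the structure above concrete, here is an added example (not code from the original post or from any SARIF tool) that builds a small constructed SARIF 2.1.0 log, walks its runs, joins each result to the rule catalog under tool.driver.rules, and resolves the effective severity the way the spec does: a result's own level wins, otherwise the rule's defaultConfiguration.level, otherwise "warning". The tool name, rule ids, file paths and messages are all invented sample data.

```python
import json
from collections import Counter

# Constructed SARIF 2.1.0 log used as sample input (not output of any real tool).
SAMPLE_SARIF = json.dumps({
    "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-sast", "version": "1.0.0", "rules": [
            {"id": "SQLI-001", "shortDescription": {"text": "SQL injection"},
             "defaultConfiguration": {"level": "error"}},
            {"id": "LOG-002", "shortDescription": {"text": "Sensitive data in log"},
             "defaultConfiguration": {"level": "warning"}},
        ]}},
        "results": [
            {"ruleId": "SQLI-001", "message": {"text": "Unsanitized input reaches query"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/db.py"}, "region": {"startLine": 42}}}]},
            {"ruleId": "LOG-002", "level": "note", "message": {"text": "Token written to log"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/auth.py"}, "region": {"startLine": 7}}}]},
        ],
    }],
})

def load_findings(sarif_text):
    """Flatten every run into triage rows, joining each result to its rule metadata."""
    log = json.loads(sarif_text)
    rows = []
    for run in log["runs"]:
        driver = run["tool"]["driver"]
        # Index the rule catalog by id so results can be enriched with title and severity.
        rules = {r["id"]: r for r in driver.get("rules", [])}
        for res in run.get("results", []):
            rule = rules.get(res.get("ruleId"), {})
            # Per the SARIF spec, a result without an explicit level inherits the rule's
            # defaultConfiguration.level, and "warning" if neither is present.
            default = rule.get("defaultConfiguration", {}).get("level", "warning")
            level = res.get("level", default)
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            rows.append({"tool": driver["name"], "ruleId": res.get("ruleId"), "level": level,
                         "title": rule.get("shortDescription", {}).get("text", ""),
                         "uri": loc.get("artifactLocation", {}).get("uri"),
                         "line": loc.get("region", {}).get("startLine"),
                         "message": res["message"]["text"]})
    return rows

def count_by_level(rows):
    """Severity histogram for quick prioritisation across tools."""
    return dict(Counter(r["level"] for r in rows))
```

Because every tool's log flattens to the same rows, logs from several scanners can be concatenated into one triage list without a per-tool parser.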
Benefits
- Interoperability: Enables different tools and platforms to "talk" to each other without needing custom parsers for each specific tool's output.
- Standardization: Provides a consistent way to view, triage, and act on vulnerabilities, regardless of the generating tool.
- Enhanced Triage: Standardized, rich metadata (e.g., source code locations, data flows, severity levels) helps security engineers and developers efficiently filter, prioritize, and manage issues.
- Workflow Integration: Facilitates seamless integration into modern DevSecOps and CI/CD pipelines, allowing findings to be displayed directly in relevant platforms like GitHub pull requests.
