Industry Leaders Collaborate to Define SARIF Interoperability Standard for Detecting Software Defects and Vulnerabilities


Members of the OASIS nonprofit consortium are working together to define an international interoperability standard for static analysis. The goal is to make it easier for software developers to assess the quality and security of their programs by aggregating data from multiple tools.

The new OASIS Static Analysis Results Interchange Format (SARIF) Technical Committee brings together major software companies, cybersecurity providers, government, security orchestration specialists, programmers, and consultants to agree on a data format that will be parseable by tools across the industry.

GrammaTech VP of Engineering, Paul Anderson, said, “SARIF fills an important gap in software engineering tools. It enables the integration of static-analysis tool results in a plug-and-play manner into a highly-automated software development ecosystem. It has the potential to lower the cost of static-analysis tool adoption, which will benefit both tool vendors and tool users alike.”

For the full OASIS press release, click here.
