bronevichok

Commit Diff

Commit:: 7dca5919e50025b5522e38b671de1fcae6c4976c
From:: Sergey Bronnikov <estetus@gmail.com>
Date:: Wed Sep 11 18:50:49 2024 UTC
Message:: Updated Support SARIF (markdown)
Actions:: Patch | Tree

commit - 0c70ae067e652891401a12721a2009331a13b206
commit + 7dca5919e50025b5522e38b671de1fcae6c4976c
blob - bbddc80f89eb96fba163387f49a86227a6416224
blob + 999c3a5b1f015b0e6a61e5bc7074c50ff67612d7
--- Support-SARIF.md
+++ Support-SARIF.md
@@ -28,7 +28,7 @@ This page contains tools that support SARIF format and
 - [GitLeaks](https://github.com/gitleaks/gitleaks) protect and discover secrets in Git. 
 - [tfsec](https://github.com/aquasecurity/tfsec) is a security scanner for your Terraform code 
 - [TerraScan](https://runterrascan.io) detect compliance and security violations across Infrastructure as Code (IaC) to mitigate risk before provisioning cloud native infrastructure. See [documentation](https://runterrascan.io/docs/integrations/_print/).
-- [CASR](https://github.com/ispras/casr) collect crash (or UndefinedBehaviorSanitizer error) reports, triage, and estimate severity.
+- [CASR](https://github.com/ispras/casr) (`--sarif out.sarif`) collect crash (or UndefinedBehaviorSanitizer error) reports, triage, and estimate severity.
 - [DefectDojo](https://documentation.defectdojo.com/integrations/parsers/file/sarif/).
 - [njsscan](https://github.com/ajinabraham/njsscan) is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
 - [FlawFinder](https://github.com/david-a-wheeler/flawfinder) is a static analysis tool for finding vulnerabilities in C/C++ source code.