
Support SARIF format #1102

Closed
chao2zhang opened this issue Mar 11, 2021 · 10 comments

Comments

@chao2zhang
Copy link
Contributor

Github has the capability to integrate third-party static analysis tools. The official documentation can be found here, which requires static analysis tools to produce SARIF format.

This issue is already picked up in

I would like to seek your opinion on supporting SARIF format as first-class for ktlint. (We already have json format https://github.com/pinterest/ktlint/tree/master/ktlint-reporter-json).
If approved, I would be happy to contribute as well.

@Tapchicoma
Copy link
Collaborator

So it is basically adding another reporter that will produce report in SARIF format?

@chao2zhang
Copy link
Contributor Author

That's correct.

@chao2zhang
Copy link
Contributor Author

Because SARIF is officially supported by Github code action, we could show the violations inline (https://github.com/chao2zhang/detekt/pull/9/files)

@Tapchicoma
Copy link
Collaborator

Then it makes sense to add such reporter. Feel free to contribute 👍

@Tapchicoma
Copy link
Collaborator

@chao2zhang do you plan to further improve SARIF format support or it is fine as it is?

@chao2zhang
Copy link
Contributor Author

We can close this issue since we have basic support. Further improvements can be done in separate issues:

  • SarifSchema210.runs[0].tool.driver.rules is empty for now. Ideally, this should be a list of rules that were active in the current run. I will address this in a follow-up PR since this requires refactoring.
  • I have not yet added other information like autoCorrected or autoCorrectible in the output.
  • Potentially we can also add GitHub workflow setup in the documentation. There are other community projects that do this, so this is optional to me.

@orchestr7
Copy link
Contributor

orchestr7 commented Feb 1, 2022

@chao2zhang have you tested ktlint reports in GitHub? It looks like the calculation of URI paths is incorrect; I was not able to make it work without ktlint plugins...

Any examples, where it works?

@orchestr7
Copy link
Contributor

orchestr7 commented Feb 2, 2022

Got it working somehow. But definitely need to customise plugins properly for it. Github is not able to work with absolute paths and that is a big problem for everyone - in ktlint we need to set user.home for it.

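The two points raised above, the empty `runs[0].tool.driver.rules` list and GitHub's refusal to work with absolute paths, are easier to see in a concrete SARIF document. The following is an added example, not ktlint's or diktat's own code: a small Python emitter that builds a SARIF 2.1.0 report from constructed lint results, fills in `tool.driver.rules` from the rules that actually fired, records `autoCorrected` as a per-result property, and relativizes every file path against an assumed checkout root so the report contains no absolute URIs (a path outside the root is rejected rather than silently emitted). The rule ids, file paths and messages are constructed sample data, and `check_github_compatible` is a hypothetical pre-upload check written here, not GitHub's validator.

```python
"""Minimal SARIF 2.1.0 emitter with repo-relative URIs (added example, not ktlint code)."""
import json
from dataclasses import dataclass
from pathlib import PurePosixPath
from typing import Dict, List

SARIF_SCHEMA = "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json"


@dataclass
class LintError:
    """One finding as a linter typically reports it: absolute path, 1-based line/column."""
    file_path: str
    line: int
    col: int
    rule_id: str
    detail: str
    corrected: bool = False  # whether the linter auto-fixed this finding


def to_relative_uri(path: str, base_dir: str) -> str:
    """Turn an absolute source path into a checkout-relative SARIF URI.

    GitHub resolves result URIs against the repository root, so absolute
    paths (e.g. containing the CI user's home directory) will not map to
    files in the PR. PurePosixPath.relative_to raises ValueError when the
    path is not under base_dir, which we want: emitting '../..' URIs or an
    absolute fallback would produce a report GitHub cannot place.
    """
    return PurePosixPath(path).relative_to(PurePosixPath(base_dir)).as_posix()


def build_sarif(errors: List[LintError], base_dir: str,
                tool_name: str = "ktlint", tool_version: str = "0.0.0-example") -> Dict:
    """Build a SARIF run whose driver.rules lists every rule that produced a result."""
    rule_ids = sorted({e.rule_id for e in errors})
    rule_index = {rid: i for i, rid in enumerate(rule_ids)}
    rules = [{"id": rid, "shortDescription": {"text": rid}} for rid in rule_ids]

    results = []
    for e in errors:
        results.append({
            "ruleId": e.rule_id,
            "ruleIndex": rule_index[e.rule_id],  # index into driver.rules above
            "level": "error",
            "message": {"text": e.detail},
            "locations": [{
                "physicalLocation": {
                    "artifactLocation": {"uri": to_relative_uri(e.file_path, base_dir)},
                    "region": {"startLine": e.line, "startColumn": e.col},
                }
            }],
            # Tool-specific data belongs in a property bag, not in the core schema.
            "properties": {"autoCorrected": e.corrected},
        })

    return {
        "$schema": SARIF_SCHEMA,
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": tool_name, "version": tool_version, "rules": rules}},
            "results": results,
        }],
    }


def check_github_compatible(report: Dict) -> List[str]:
    """Hypothetical pre-upload check: flag absolute/escaping URIs and unknown ruleIds."""
    problems = []
    for run in report["runs"]:
        known = {r["id"] for r in run["tool"]["driver"].get("rules", [])}
        for i, res in enumerate(run["results"]):
            if res["ruleId"] not in known:
                problems.append(f"result {i}: ruleId {res['ruleId']!r} missing from driver.rules")
            for loc in res["locations"]:
                uri = loc["physicalLocation"]["artifactLocation"]["uri"]
                if uri.startswith("/") or "://" in uri or uri.startswith(".."):
                    problems.append(f"result {i}: URI {uri!r} is not checkout-relative")
    return problems


# Constructed sample input: what a CI run might report before relativizing.
SAMPLE_BASE = "/home/ci/work/project"
SAMPLE_ERRORS = [
    LintError(f"{SAMPLE_BASE}/src/main/kotlin/Foo.kt", 12, 5,
              "standard:no-wildcard-imports", "Wildcard import"),
    LintError(f"{SAMPLE_BASE}/src/main/kotlin/Foo.kt", 30, 1,
              "standard:indent", "Unexpected indentation (8) (should be 4)", corrected=True),
    LintError(f"{SAMPLE_BASE}/src/test/kotlin/FooTest.kt", 3, 1,
              "standard:no-wildcard-imports", "Wildcard import"),
]


def sample_report() -> Dict:
    return build_sarif(SAMPLE_ERRORS, SAMPLE_BASE)


if __name__ == "__main__":
    report = sample_report()
    print(json.dumps(report, indent=2))
    print("problems:", check_github_compatible(report))
```

Running the module prints the report and an empty problem list; feeding it a path such as `/tmp/elsewhere/X.kt` makes `to_relative_uri` raise instead of leaking an absolute URI, which is the failure the `user.home` workaround above is papering over.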

@romtsn
Copy link
Collaborator

romtsn commented Feb 2, 2022

@akuleshov7 send PR?

@orchestr7
Copy link
Contributor

orchestr7 commented Feb 2, 2022

@akuleshov7 send PR?
@romtsn

Рома, we are supporting it in maven and gradle plugins for our diktat ruleset. Here is some small test:
https://github.com/analysis-dev/diktat/pull/1205/files

see: diktat-rules/src/main/kotlin/org/cqfn/diktat/ruleset/rules/chapter1/FileNaming.kt

The idea is the following: the user adds a special flag githubActions to the plugin and gets everything out of the box.
So I guess this logic should be copied to your plugins as well.

As soon as I finish with diktat, I will move the logic to your plugins.
