
Provide guidance on "perceived severity".

Open ghost opened this issue 5 years ago • 1 comments

Four SARIF result properties interact to determine

  1. Whether a viewer should display the result by default, and
  2. With what "severity" a viewer should present the result.

Those properties are level, kind, baselineState, and suppressions. The default visibility also depends on the scenario. For example, in a CI scenario, only results with baselineState: "new" should be displayed by default, while in other scenarios, the "unchanged" results should also be displayed by default.

Add an Appendix providing rules for a uniform viewer experience based on these factors.

@michaelcfanning FYI

ghost avatar Sep 25 '20 21:09 ghost

Additional raw notes from conversation with @michaelcfanning:

  - Error: blocks, visible by default
  - Warning: does not block, visible by default
  - Informational: does not block, not visible by default

Non-failure: Document these kind values as specified in microsoft/sarif-visualstudio-extension#199.

Suppressed: invisible -- but what if you have multiple suppressions? How does suppression state play into it? (I've given guidance on that in the past; dig that up and incorporate here.)

BaselineState:

  - Absent: invisible by default
  - Unchanged: invisible by default in CI scenarios

Depends on "incrementality".

ghost avatar Sep 25 '20 21:09 ghost
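
The visibility rules sketched in the notes above, written out as an added example (not part of the original issue or of any SARIF project code). Mapping "Informational" to level "note", hiding non-"fail" kinds, counting a suppression only when its status is "accepted" or absent, and treating hidden results as non-blocking are assumptions; `default_view`, `is_suppressed` and `RESULTS` are hypothetical names.

```python
# Added example: default visibility / blocking for SARIF results, following the
# raw notes in this thread. Simplification: rule-level configuration overrides
# of `level` are ignored.

def is_suppressed(result):
    # Assumption: a suppression counts only if its status is "accepted" or
    # absent; "underReview" and "rejected" leave the result unsuppressed.
    return any(s.get("status", "accepted") == "accepted"
               for s in result.get("suppressions") or [])

def default_view(result, ci=False):
    """Return (visible_by_default, blocks) for one SARIF result object."""
    kind = result.get("kind", "fail")          # SARIF default kind is "fail"
    level = result.get("level", "warning" if kind == "fail" else "none")
    baseline = result.get("baselineState")     # may be missing entirely
    hidden = (False, False)   # assumption: a hidden result never blocks
    if is_suppressed(result):
        return hidden         # notes: suppressed -> invisible
    if baseline == "absent":
        return hidden         # notes: absent -> invisible by default
    if ci and baseline == "unchanged":
        return hidden         # notes: unchanged -> invisible in CI scenarios
    if kind != "fail":
        return hidden         # assumption: non-failure kinds hidden by default
    if level == "error":
        return (True, True)   # notes: blocks, visible by default
    if level == "warning":
        return (True, False)  # notes: does not block, visible by default
    return hidden             # "note"/"none": not visible, does not block

# Constructed sample results (not taken from any real log file).
RESULTS = {
    "error_new": {"level": "error", "baselineState": "new"},
    "warning_unchanged": {"level": "warning", "baselineState": "unchanged"},
    "note": {"level": "note"},
    "error_suppressed": {"level": "error",
                         "suppressions": [{"kind": "inSource"}]},
    "error_rejected_suppression": {
        "level": "error",
        "suppressions": [{"kind": "external", "status": "rejected"}]},
    "error_absent": {"level": "error", "baselineState": "absent"},
    "pass": {"kind": "pass"},
}

if __name__ == "__main__":
    for name, r in RESULTS.items():
        print(name, default_view(r), default_view(r, ci=True))
```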