Tag
sarif
Safeguard articles tagged "sarif" — guides, analysis, and best practices for software supply chain and application security.
3 articles
AppSec
Reading a SAST Report: Findings, Traces, and Triage
A SAST report is a list of claims, not a list of bugs. How to read data-flow traces, judge severity honestly, and run a triage workflow that keeps the queue moving.
Sep 9, 20256 min read
Application Security
How Snyk Code integrates with GitHub Advanced Security th...
A technical walkthrough of how Snyk Code's SARIF output is generated, uploaded, and deduplicated inside GitHub Advanced Security's code scanning pipeline.
Sep 9, 20257 min read
Product
How the Snyk CLI generates SARIF output for GitHub code s...
A technical walkthrough of how the Snyk CLI serializes scan results into SARIF 2.1.0 and how GitHub code scanning ingests them into Security tab alerts.
Aug 16, 20257 min read