
Add support for uploading SARIF files [FoD] #912

@kadraman


Enhancement Request

With the release of OpenText Core Application Security 26.1 we now have support for importing SARIF files:

SARIF import support
Streamline your security posture with SARIF Import. By bringing third-party SAST results directly into the Release Scans page, you are moving toward a comprehensive Application Security Posture Management (ASPM) view of your vulnerabilities. This unified approach allows you to manage all findings from native tools to external scanners within a single, centralized Issues page or via our API. For more information, see "Importing an On-Premises Scan" in the Core Application Security User Guide.

This is available via the API endpoint PUT /api/v3/releases/{releaseId}/static-scans/import-sarif.
To expose this capability we should add an additional command for either:

fcli fod release import-sarif

or

fcli fod sast-scan import-sarif

The second option is probably preferred as SARIF format is mainly used for SAST scan results and it follows our existing convention for uploading OSS SBOM results (fcli fod oss-scan import).
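Whichever command name is chosen, it will have to read a SARIF file and hand it to the endpoint named above. The following is an added example (not fcli code and not part of the issue) that sketches the defender-side half of that: a structural check of a SARIF 2.1.0 log before it is imported into the posture view, and assembly of the PUT described in the issue. Only the URL path comes from the issue; the base URL, the bearer-token header and the raw-JSON body are assumptions, and the SARIF log is constructed sample data.

```python
import json
from typing import Any

# Constructed sample: a minimal SARIF 2.1.0 log as a third-party SAST tool might emit.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "ExampleSAST", "rules": [{"id": "EX001"}]}},
        "results": [
            {"ruleId": "EX001", "level": "error", "message": {"text": "Hardcoded secret"}},
            {"ruleId": "EX001", "level": "warning", "message": {"text": "Weak hash"}},
            {"ruleId": "EX002", "message": {"text": "No level given"}},
        ],
    }],
})


def validate_sarif(raw) -> dict[str, Any]:
    """Reject anything that is not a usable SARIF 2.1.0 log and summarise
    the results per level, so a bad third-party file is caught before upload."""
    doc = json.loads(raw)
    if not isinstance(doc, dict) or doc.get("version") != "2.1.0":
        raise ValueError("not a SARIF 2.1.0 document")
    runs = doc.get("runs")
    if not isinstance(runs, list) or not runs:
        raise ValueError("SARIF log has no runs")
    summary: dict[str, Any] = {"tools": [], "results": 0, "by_level": {}}
    for run in runs:
        driver = run.get("tool", {}).get("driver", {})
        if "name" not in driver:
            raise ValueError("run is missing tool.driver.name")
        summary["tools"].append(driver["name"])
        for result in run.get("results", []):
            if "ruleId" not in result and "rule" not in result:
                raise ValueError("result does not reference a rule")
            level = result.get("level", "warning")  # SARIF default when level is omitted
            summary["results"] += 1
            summary["by_level"][level] = summary["by_level"].get(level, 0) + 1
    return summary


def build_import_request(base_url: str, release_id: int, sarif: bytes) -> dict[str, Any]:
    """Assemble the PUT from the issue. Assumptions: base URL, bearer-token
    auth header and a raw JSON body; only the path is taken from the issue."""
    return {
        "method": "PUT",
        "url": f"{base_url.rstrip('/')}/api/v3/releases/{release_id}/static-scans/import-sarif",
        "headers": {"Authorization": "Bearer <TOKEN-PLACEHOLDER>",
                    "Content-Type": "application/json"},
        "body": sarif,
    }
```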

Labels

- effort:low (Easy to implement/fix)
- enhancement (New feature or request)
- fcli-fod (Issue related to 'fcli fod' commands)
- prio:medium (Medium priority)
