Description
Enterprise security dashboards require machine-readable data streams to aggregate findings across diverse tooling stacks. We want to expand PatchPilot’s capabilities by exporting our compiled vulnerability and deduplication metrics into Static Analysis Results Interchange Format (SARIF).
This ensures full interoperability with standard industry dashboards like GitHub Advanced Security, SonarQube, and DefectDojo.
Proposed Changes
- Format Translator: Create a formatting pipeline class that ingests our standard JSON triage array elements and maps them directly to the official OASIS SARIF JSON schema specification.
- Export Controller: Expose an export destination interface or download pipeline tracking node that delivers this formatted .sarif payload to the client.
- Metadata Enriched Mapping: Ensure tool rules, code location ranges (lines/columns), and severity ratings align accurately with SARIF standards.
Schema Layout Targets
```json
{
  "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
  "version": "2.1.0",
  "runs": [
    {
      "tool": { "driver": { "name": "PatchPilot Engine" } },
      "results": []
    }
  ]
}
```
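The following is an added sketch of the Format Translator described above, written for this issue rather than taken from the PatchPilot code base. It fills in the `runs[0]` skeleton from the schema target: rules are deduplicated into `tool.driver.rules`, each result points at its rule by `ruleIndex`, line/column ranges go into a SARIF `region`, triage severities are folded down to the four SARIF `level` values (with the original severity preserved in the rule's `properties`), and the triage fingerprint is emitted as a `partialFingerprints` entry so dashboards can match the same finding across runs. The input field names (`id`, `title`, `severity`, `file`, `start_line`, `start_col`, `end_line`, `end_col`, `fingerprint`, `message`) and the sample findings are assumptions, not the real triage array layout.

```python
"""Added example: translate PatchPilot-style triage findings into SARIF 2.1.0.

Illustrative code written for this issue, not PatchPilot's own implementation.
The input field names (id, title, severity, file, start_line, start_col,
end_line, end_col, fingerprint, message) are assumed; adapt them to the real
triage schema.
"""
import json

SARIF_SCHEMA = "https://json.schemastore.org/sarif-2.1.0.json"
TOOL_NAME = "PatchPilot Engine"

# SARIF "level" only knows error/warning/note/none, so finer-grained triage
# severities have to be folded down. The original severity is kept in the
# rule's properties so dashboards that understand it do not lose it.
SEVERITY_TO_LEVEL = {
    "critical": "error",
    "high": "error",
    "medium": "warning",
    "low": "note",
    "info": "none",
}


def to_level(severity):
    """Map a triage severity string onto a SARIF result level (default: warning)."""
    return SEVERITY_TO_LEVEL.get((severity or "").lower(), "warning")


def region_from(finding):
    """Build a SARIF region. Line/column numbers are 1-based; startLine is
    required, the other three fields are optional and only emitted if present."""
    region = {"startLine": max(1, int(finding.get("start_line", 1)))}
    for src, dst in (("start_col", "startColumn"), ("end_line", "endLine"), ("end_col", "endColumn")):
        if finding.get(src) is not None:
            region[dst] = int(finding[src])
    return region


def to_sarif(findings):
    """Translate a list of triage findings into a single-run SARIF log.

    Rules are deduplicated on rule id so each appears once in tool.driver.rules;
    results refer to them by ruleIndex. Exact duplicate findings (same rule,
    file, region and fingerprint) are dropped so triage deduplication survives
    the export."""
    rules, rule_index, results, seen = [], {}, [], set()
    for f in findings:
        rid = f["id"]
        if rid not in rule_index:
            rule_index[rid] = len(rules)
            rules.append({
                "id": rid,
                "shortDescription": {"text": f.get("title", rid)},
                "properties": {"severity": f.get("severity", "unknown")},
            })
        region = region_from(f)
        key = (rid, f["file"], json.dumps(region, sort_keys=True), f.get("fingerprint"))
        if key in seen:
            continue
        seen.add(key)
        result = {
            "ruleId": rid,
            "ruleIndex": rule_index[rid],
            "level": to_level(f.get("severity")),
            "message": {"text": f.get("message", f.get("title", rid))},
            "locations": [{
                "physicalLocation": {
                    # %SRCROOT% is the conventional base id for repository-relative paths.
                    "artifactLocation": {"uri": f["file"], "uriBaseId": "%SRCROOT%"},
                    "region": region,
                }
            }],
        }
        if f.get("fingerprint"):
            # partialFingerprints is what GitHub code scanning uses to match
            # the same result across uploads; the key name is an assumption.
            result["partialFingerprints"] = {"patchpilot/v1": f["fingerprint"]}
        results.append(result)
    return {
        "$schema": SARIF_SCHEMA,
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": TOOL_NAME, "rules": rules}},
            "results": results,
        }],
    }


# Constructed sample triage output (not real PatchPilot data); the second
# entry is a verbatim duplicate of the first to exercise deduplication.
SAMPLE_FINDINGS = [
    {"id": "PP-SQLI-001", "title": "SQL injection", "severity": "critical",
     "file": "app/db.py", "start_line": 42, "start_col": 9, "end_line": 42, "end_col": 57,
     "fingerprint": "a1b2c3", "message": "User input reaches cursor.execute()"},
    {"id": "PP-SQLI-001", "title": "SQL injection", "severity": "critical",
     "file": "app/db.py", "start_line": 42, "start_col": 9, "end_line": 42, "end_col": 57,
     "fingerprint": "a1b2c3", "message": "User input reaches cursor.execute()"},
    {"id": "PP-SECRET-007", "title": "Hard-coded credential", "severity": "low",
     "file": "config/settings.py", "start_line": 3, "fingerprint": "d4e5f6"},
]

if __name__ == "__main__":
    print(json.dumps(to_sarif(SAMPLE_FINDINGS), indent=2))
```

Running the module prints a `.sarif` document for the constructed findings that can be uploaded directly to a SARIF consumer; the Export Controller would only need to serialize `to_sarif(...)` and serve it with the `.sarif` extension. The severity fold-down is the one lossy step, which is why the original value is carried in `properties`.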