What is SARIF?
Static Analysis Results Interchange Format
Universal Format
OASIS standard for static analysis results. Supported by Microsoft, GitHub, Google, and 50+ security tools.
Machine Readable
JSON format with rich metadata. Includes locations, severity, remediation, and compliance mappings.
Native Integration
Automatically appears in GitHub Security tab, VS Code Problems panel, and CI/CD dashboards.
SARIF-Compatible Tools
Our SARIF output works with all major security platforms
GitHub Security
Automatic Security tab integration
VS Code
Problems panel with inline warnings
Azure DevOps
Build validation and reporting
SonarQube
Quality gate integration
GitLab SAST
Security dashboard reports
Jenkins
Pipeline security gates
Snyk
Vulnerability aggregation
Checkmarx
SAST platform integration
Veracode
Security scan correlation
Example SARIF Output
See what our scanner produces
haiec-results.sarif
{
  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
  "version": "2.1.0",
  "runs": [
    {
      "tool": {
        "driver": {
          "name": "HAIEC AI Security Scanner",
          "version": "2.0.0",
          "informationUri": "https://haiec.com/security",
          "rules": [
            {
              "id": "R001",
              "name": "GenderBiasInTrainingData",
              "shortDescription": {
                "text": "Gender bias detected in training data"
              },
              "fullDescription": {
                "text": "Training dataset shows significant gender imbalance that could lead to discriminatory outcomes."
              },
              "helpUri": "https://haiec.com/security/rules#R001",
              "properties": {
                "category": "bias",
                "severity": "critical",
                "frameworks": ["NYC LL144", "EU AI Act"]
              }
            }
          ]
        }
      },
      "results": [
        {
          "ruleId": "R001",
          "level": "error",
          "message": {
            "text": "Gender imbalance detected: Male 85%, Female 15% (ratio 5.67:1)"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "src/models/hiring_model.py"
                },
                "region": {
                  "startLine": 45,
                  "startColumn": 1,
                  "endLine": 47,
                  "endColumn": 30
                }
              }
            }
          ],
          "fixes": [
            {
              "description": {
                "text": "Balance training data using SMOTE or stratified sampling"
              }
            }
          ]
        }
      ]
    }
  ]
}
Rich Metadata
Every finding includes rule ID, severity, location, and remediation guidance.
Framework Mapping
Findings tagged with applicable frameworks (SOC 2, GDPR, HIPAA, etc.).
Actionable Fixes
Suggested remediations with code examples and documentation links.
How to Use SARIF Output
Three ways to consume our SARIF reports
GitHub Actions
Upload SARIF to GitHub Security tab automatically.
- uses: github/codeql-action/upload-sarif@v2
  with:
    sarif_file: haiec-results.sarif
VS Code Extension
View findings in Problems panel with inline warnings.
# Install SARIF Viewer extension
code --install-extension MS-SarifVSCode.sarif-viewer
# Open SARIF file
code haiec-results.sarif
CI/CD Pipeline
Parse SARIF in your pipeline for custom workflows.
import json
import sys

with open('haiec-results.sarif') as f:
    sarif = json.load(f)

# Error-level results from the first run
critical = [r for r in sarif['runs'][0]['results']
            if r.get('level') == 'error']
if critical:
    sys.exit(1)  # Fail build
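A fuller version of the pipeline gate above, as an added example that is not HAIEC's own code: it walks every run rather than only the first, resolves a missing level from the rule's defaultConfiguration (falling back to "warning", as SARIF 2.1.0 specifies), and attaches the rule's frameworks tags to each finding. The sample document, the rule R900, the tool name second-tool and the function names findings and gate are constructed for illustration.

```python
import json

# Constructed sample, modelled on the haiec-results.sarif excerpt above.
SAMPLE = json.loads("""
{"version": "2.1.0", "runs": [
  {"tool": {"driver": {"name": "HAIEC AI Security Scanner", "rules": [
      {"id": "R001", "properties": {"frameworks": ["NYC LL144", "EU AI Act"]}},
      {"id": "R900", "defaultConfiguration": {"level": "note"}}]}},
   "results": [
      {"ruleId": "R001", "level": "error",
       "message": {"text": "Gender imbalance detected"},
       "locations": [{"physicalLocation": {
           "artifactLocation": {"uri": "src/models/hiring_model.py"},
           "region": {"startLine": 45}}}]},
      {"ruleId": "R900", "message": {"text": "No level on this result"}}]},
  {"tool": {"driver": {"name": "second-tool"}},
   "results": [{"ruleId": "X1", "message": {"text": "No rule metadata"}}]}
]}
""")

def findings(sarif):
    """Yield one flat dict per result across every run, not only runs[0]."""
    for run in sarif.get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = {r["id"]: r for r in driver.get("rules", []) if "id" in r}
        for res in run.get("results") or []:
            rule = rules.get(res.get("ruleId"), {})
            # A result without "level" takes the rule's default level,
            # which itself defaults to "warning".
            level = (res.get("level") or "warning" if not rule else res.get("level")
                     or rule.get("defaultConfiguration", {}).get("level") or "warning")
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            yield {
                "rule": res.get("ruleId"),
                "level": level,
                "frameworks": rule.get("properties", {}).get("frameworks", []),
                "uri": loc.get("artifactLocation", {}).get("uri"),
                "line": loc.get("region", {}).get("startLine"),
                "text": res.get("message", {}).get("text", ""),
            }

def gate(sarif, fail_on=("error",)):
    """Return the findings that should fail the build."""
    return [f for f in findings(sarif) if f["level"] in fail_on]

if __name__ == "__main__":
    blocking = gate(SAMPLE)
    for f in blocking:
        print(f"{f['level']}: {f['rule']} {f['uri']}:{f['line']} {f['text']}")
    raise SystemExit(1 if blocking else 0)
```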