How to Use the SARIF Viewer for Viewing SARIF Files in VS Code

SARIF stands for “Static Analysis Results Interchange Format” and is an OASIS Standard format for the output of static analysis tools. The DaVinci Configurator Classic uses this standard format to provide extensive information on task results.

How to Best Use the SARIF Viewer Plugin

There are multiple viewers for SARIF files. We recommend the SARIF Viewer Plugin for Visual Studio Code.

How to Open a SARIF File in the Plugin Correctly

For optimal usability of the SARIF viewer plugin for Visual Studio Code, open the DaVinci Project as a Workspace first. See: How do I open a VS Code "workspace"?

How to Review a SARIF File in the Plugin

To open a SARIF report, navigate to the report file in the VS Code Explorer and double-click it. The plugin automatically opens a Results Panel showing the content on the right side.

[Figure: SARIF Viewer Results Panel]

The upper half of this panel displays an overview of the results. The lower half of the panel provides detailed information on a chosen result. When selecting a result, the plugin also automatically opens the first referenced file on the left side.

If more than one file is referenced, the detail view in the lower half of the Results Panel provides hyperlinks to them.

How to Solve Common Problems With the SARIF Viewer

The SARIF Results Panel Is Not Showing

The SARIF Viewer plugin in VS Code opens a Results Panel on the right side for opened SARIF files. If the panel does not appear when the SARIF report is opened, make sure the DaVinci Project is opened as a VS Code Workspace and the workspace is marked as 'trusted'. Otherwise, the Results Panel may not open. See VS Code’s explanation of Trusted Workspaces.

Referenced Files Are Not Automatically Opened by the Plugin

A common mistake here is not opening the DaVinci Project as a VS Code Workspace. The report contains relative file paths to the referenced files, which can only be resolved automatically if the DaVinci Project is opened as a trusted workspace. See How to Open a SARIF File in the Plugin Correctly.

The report can also contain absolute file paths if any referenced files cannot be represented relative to the DaVinci Project root folder. A common example is using a different Windows partition for the BSW Package than for the DaVinci Project. We do not recommend this for a clean report file.

Note that a SARIF report is generated by its corresponding DaVinci Configurator task. If the SARIF report is opened on a machine other than the one it was generated on, the relative and absolute file paths may not match the current system. If problems arise and the report may not be up to date or suitable for the current machine, generate a new report by starting the corresponding DaVinci Configurator task.
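To check in advance which referenced files will resolve on the current machine, the following added example (not part of the DaVinci tooling or the SARIF Viewer plugin) reads the result locations of a SARIF 2.1.0 report and marks each path as relative or absolute and as present or missing. The sample report, tool name, rule ids and paths are constructed, and relative paths are assumed to be relative to the project root as described above.

```python
import json
from pathlib import Path, PureWindowsPath
from urllib.parse import urlparse, unquote

# Constructed sample report in SARIF 2.1.0 shape; tool name, rule ids and paths are made up.
SAMPLE = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "ExampleTool"}},
    "results": [
        {"ruleId": "EX001", "message": {"text": "constructed"}, "locations": [
            {"physicalLocation": {"artifactLocation": {"uri": "Config/ECUC/Example.arxml"}}}]},
        {"ruleId": "EX002", "message": {"text": "constructed"}, "locations": [
            {"physicalLocation": {"artifactLocation": {"uri": "Config/Missing.arxml"}}}]},
        {"ruleId": "EX003", "message": {"text": "constructed"}, "locations": [
            {"physicalLocation": {"artifactLocation": {"uri": "file:///Z:/ConstructedBsw/Example.c"}}}]},
    ]}]})

def local_path(uri):
    """Turn an artifactLocation.uri into a filesystem path string."""
    parsed = urlparse(uri)
    if parsed.scheme != "file":
        return unquote(uri)  # plain path such as Config/x.arxml or D:/x.c
    path = unquote(parsed.path)
    # file:///D:/x.c parses to /D:/x.c; drop the slash in front of the drive letter.
    return path[1:] if len(path) > 2 and path[0] == "/" and path[2] == ":" else path

def classify(uri):
    """'absolute' for file: URIs, drive-letter paths and rooted paths, else 'relative'."""
    path = local_path(uri)
    if urlparse(uri).scheme == "file" or path.startswith("/") or PureWindowsPath(path).is_absolute():
        return "absolute"
    return "relative"

def audit(sarif_text, project_root):
    """Return (uri, kind, resolves_on_this_machine) for each result location."""
    rows = []
    for run in json.loads(sarif_text).get("runs", []):
        for result in run.get("results", []):
            for loc in result.get("locations", []):
                uri = loc.get("physicalLocation", {}).get("artifactLocation", {}).get("uri")
                if not uri:
                    continue
                kind = classify(uri)
                # Assumption: relative paths are relative to the project root folder.
                target = Path(project_root, local_path(uri)) if kind == "relative" else Path(local_path(uri))
                rows.append((uri, kind, target.is_file()))
    return rows

if __name__ == "__main__":
    for uri, kind, ok in audit(SAMPLE, "."):
        print(f"{'ok     ' if ok else 'MISSING'}  {kind:8}  {uri}")
```

Entries reported as absolute or missing are the ones the viewer is unlikely to open automatically; regenerating the report on the current machine is the fix described above.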

Results Are Not Underlined or Emphasized in the Referenced File

If results are not underlined or emphasized in the referenced files, try the following steps:

  1. Close and reopen VS Code.

  2. Open the DaVinci Project as a Workspace. See How to Open a SARIF File in the Plugin Correctly.

  3. Close all open files in VS Code.

  4. Open the SARIF file.