
feat(reporting): SARIF export format #139

@jackby03

Description


Summary

Add --format sarif output to hardbox audit and hardbox diff. Produces a SARIF 2.1.0 document compatible with GitHub Advanced Security code scanning and major SIEMs. Each finding maps to a SARIF result with rule metadata, severity, and remediation guidance.

Usage

# Audit and write SARIF output
hardbox audit --profile production --format sarif --output hardbox.sarif

# Upload to GitHub Advanced Security
gh codeql upload-results --sarif hardbox.sarif

SARIF mapping

hardbox field       SARIF field
------------------  ----------------------------------
check.ID            result.ruleId
check.Title         rule.shortDescription.text
check.Description   rule.fullDescription.text
check.Remediation   rule.help.text
finding.Severity    result.level (error/warning/note)
finding.Detail      result.message.text
check.Compliance    rule.properties.tags

Severity mapping

hardbox     SARIF level
----------  -----------
critical    error
high        error
medium      warning
low         note
info        note
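Added example, not hardbox's own code: a Go converter that applies both mapping tables above and the acceptance criteria below (rules under runs[].tool.driver.rules, compliance tags in rule.properties.tags, compliant findings dropped, empty audit still schema-valid). The Check and Finding structs are hypothetical stand-ins for the project's real types.

```go
package main

// Hypothetical hardbox types, assumed for this example (not the project's own).
type Check struct{ ID, Title, Description, Remediation string; Compliance []string }
type Finding struct{ Check Check; Severity, Detail string; Compliant bool }

// sarifLevel implements the severity table above; SARIF has only error/warning/note.
func sarifLevel(sev string) string {
	if l, ok := map[string]string{"critical": "error", "high": "error", "medium": "warning"}[sev]; ok {
		return l
	}
	return "note" // low, info (and anything unknown) downgrade to the lowest level
}

// ToSARIF builds the SARIF 2.1.0 log: one rule per distinct check, one result per
// non-compliant finding. Slices start empty rather than nil so an audit with no
// findings still serialises as "results": [] instead of null, which schema checks reject.
func ToSARIF(findings []Finding) map[string]any {
	rules, results, seen := []map[string]any{}, []map[string]any{}, map[string]bool{}
	for _, f := range findings {
		if f.Compliant {
			continue // compliant findings are omitted from results
		}
		if !seen[f.Check.ID] {
			seen[f.Check.ID] = true
			rules = append(rules, map[string]any{
				"id":               f.Check.ID,
				"shortDescription": map[string]string{"text": f.Check.Title},
				"fullDescription":  map[string]string{"text": f.Check.Description},
				"help":             map[string]string{"text": f.Check.Remediation},
				"properties":       map[string]any{"tags": f.Check.Compliance},
			})
		}
		results = append(results, map[string]any{
			"ruleId":  f.Check.ID,
			"level":   sarifLevel(f.Severity),
			"message": map[string]string{"text": f.Detail},
		})
	}
	return map[string]any{
		"$schema": "https://json.schemastore.org/sarif-2.1.0.json",
		"version": "2.1.0",
		"runs": []map[string]any{{
			"tool":    map[string]any{"driver": map[string]any{"name": "hardbox", "rules": rules}},
			"results": results,
		}},
	}
}
```

Pass the returned map to encoding/json (json.MarshalIndent) to write the --output file; a nil Compliance slice will still marshal as "tags": null, so populate it or default it to an empty slice if strict schema validation is enforced.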

Acceptance criteria

  • --format sarif flag accepted by hardbox audit and hardbox diff
  • Output is valid SARIF 2.1.0 JSON
  • All non-compliant findings included as results; compliant findings omitted
  • Rule definitions included in runs[].tool.driver.rules
  • Compliance framework tags included in rule.properties.tags
  • Validated against the SARIF JSON schema
  • Tests cover: schema validity, severity mapping, empty findings case
  • Docs: docs/DEVSECOPS.md updated with SARIF CI/CD usage example

Labels: enhancement (New feature or request), v0.5 (Scoped to the v0.5 release)