Static Analysis Results Interchange Format
SARIF is an OASIS standard JSON format for the output of static analysis and other code scanning tools. It lets results from many different scanners flow into one place, such as pull request annotations on code hosting platforms. For appsec engineers building CI pipelines, SARIF is the glue that makes findings portable between tools and dashboards.