Background
SARIF (Static Analysis Results Interchange Format) was listed as a supported output format in docs and the comparison table, but the --sarif flag is not implemented in the CLI source code. All SARIF claims have been removed from docs in a follow-up cleanup commit to keep the project honest.
Goal
Implement --sarif output so CVE Lite CLI can produce SARIF files compatible with:
- GitHub Advanced Security (upload via github/codeql-action/upload-sarif)
- IDE integrations that consume SARIF
- DevSecOps dashboards and tooling
Acceptance criteria
- cve-lite /path/to/project --sarif produces valid SARIF 2.1.0 output
- Output can be uploaded to GitHub Advanced Security without errors
- Once implemented, re-add to the comparison table and feature list
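
An added example, not code from the CVE Lite CLI project: one way to map scanner findings to a SARIF 2.1.0 log of the kind the upload action consumes, with a structural check against the acceptance criteria above. The finding fields, the `toSarif` and `sarifProblems` names, the tool version and the sample data are assumptions made for illustration.

```javascript
// Added example. The finding fields (id, severity, cvss, pkg, version, summary,
// manifest, line) are a hypothetical shape, not CVE Lite CLI's internal model.
const LEVEL = { critical: "error", high: "error", medium: "warning", low: "note" };

function toSarif(findings, toolVersion) {
  const rules = [];
  const ruleIndex = new Map(); // one rule per advisory, however many packages hit it
  const results = findings.map((f) => {
    if (!ruleIndex.has(f.id)) {
      ruleIndex.set(f.id, rules.length);
      // GitHub code scanning reads "security-severity" as a numeric score string.
      rules.push({ id: f.id, shortDescription: { text: f.summary },
                   properties: { "security-severity": String(f.cvss) } });
    }
    return {
      ruleId: f.id,
      ruleIndex: ruleIndex.get(f.id),
      level: LEVEL[f.severity] || "warning", // unknown severity: keep the result visible
      message: { text: `${f.pkg}@${f.version}: ${f.summary}` },
      locations: [{ physicalLocation: {
        artifactLocation: { uri: f.manifest.replace(/\\/g, "/") }, // repo-relative URI
        region: { startLine: f.line || 1 },
      } }],
    };
  });
  const driver = { name: "CVE Lite CLI", version: toolVersion, rules };
  return { $schema: "https://json.schemastore.org/sarif-2.1.0.json", version: "2.1.0",
           runs: [{ tool: { driver }, results }] };
}

// Structural sanity check only; it does not replace validation against the schema.
function sarifProblems(log) {
  const out = [];
  if (log.version !== "2.1.0") out.push("version must be 2.1.0");
  if (!Array.isArray(log.runs)) out.push("runs must be an array");
  for (const run of log.runs || []) {
    const rules = run.tool?.driver?.rules || [];
    if (!run.tool?.driver?.name) out.push("missing tool.driver.name");
    (run.results || []).forEach((r, i) => {
      if (!r.message?.text) out.push(`results[${i}] has no message.text`);
      if (rules[r.ruleIndex]?.id !== r.ruleId) out.push(`results[${i}] ruleIndex mismatch`);
    });
  }
  return out;
}

// Constructed sample findings; the ids are placeholders, not real advisories.
const SAMPLE = [
  { id: "CVE-0000-0001", severity: "high", cvss: 8.1, pkg: "example-lib", version: "1.2.3", summary: "Constructed issue A", manifest: "package-lock.json", line: 42 },
  { id: "CVE-0000-0001", severity: "high", cvss: 8.1, pkg: "example-lib", version: "1.0.0", summary: "Constructed issue A", manifest: "apps\\web\\package-lock.json" },
  { id: "CVE-0000-0002", severity: "unknown", cvss: 5.0, pkg: "other-lib", version: "0.4.0", summary: "Constructed issue B", manifest: "package-lock.json", line: 7 },
];
```
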