Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

SARIF output

cntrdct scan --format sarif emits SARIF 2.1.0 compatible with GitHub Code Scanning and any other OASIS-conformant consumer. Every CI run validates the emission against the official OASIS schema via Sarif.Multitool validate (.github/workflows/ci.yml).

Mapping table

cntrdct conceptSARIF location
detector_idresult.ruleId and tool.driver.rules[].id
severityresult.level (Error / Warning / Note → error / warning / note; Info → none — see Severity)
IEEE 1044-2009 anomaly classresult.properties.anomalyClass
prior_methodresult.properties.priorMethod (wilson or jeffreys)
Citationsresult.relatedInformation[] (one entry per citation key)
Adjudicator verdictresult.properties.adjudication.*

The rules taxonomy under tool.driver.rules[] is pinned by tests/wiring_consistency.rs against cntrdct::ALL_DETECTOR_IDS — adding a detector without registering it in both the construction path and the SARIF emitter fails CI.

Spec: docs/spec/sarif-v0.md.