What is a .SARIF file?
SARIF is a standard JSON format for static-analysis and code-scanning results.

Did you know
- SARIF was standardised by OASIS in 2020 so security tools can share their findings.
- SARIF began at Microsoft before being handed to OASIS, which approved version 2.1.0 of the JSON schema.
- GitHub code scanning ingests SARIF files, turning third-party analysers’ findings into repository alerts.

What Analyser reads
Identify and read metadata from developer and data files: JWT tokens (header + claims + expiry), WebAssembly, Java class files, NumPy/Safetensors/GGUF model files, source maps, SQL dumps, Visual Studio/.NET projects, Terraform, Protobuf, GraphQL, SARIF, Python bytecode, and Apple property lists (XML + binary). Jupyter notebooks (IPYNB) and HAR captures now open in a full viewer - see Notebooks & data above.

Depth of analysis
.SARIF is an identification-grade format: Analyser recognises it from its bytes and decodes the header metadata it carries, rather than opening it in a full viewer. Formats that do get a full viewer are marked "Full" on the formats page.

Open a .SARIF file
Drag a .SARIF file onto the Analyser home page (or tap to pick one). It is identified entirely in your browser - nothing is uploaded, there is no account, and it works offline once installed.