Hi maintainers — today sarif blame runs git blame to enrich SARIF results with ownership information. This is great for git, but it doesn’t work for non GIT source control system, it’s also expensive to compute repeatedly for large repos.
I’d like to propose a new mode that does not invoke git and instead joins SARIF locations against a precomputed “blame map” file.
Proposal
Extend the existing command:
sarif blame -i in.sarif -o out.sarif --blame-file blame.csv
# or
sarif blame -i in.sarif -o out.sarif --blame-file blame.json
Behavior:
- If --blame-file is provided, do not run git blame
- Otherwise keep current behavior unchanged
The blame file will represent ownership for range of lines - conceptually same information as the output of git-blame, but in CSV or JSONL for easier parsing.
If this direction is acceptable, I’m happy to implement it with tests and documentation.
Hi maintainers — today sarif blame runs git blame to enrich SARIF results with ownership information. This is great for git, but it doesn’t work for non GIT source control system, it’s also expensive to compute repeatedly for large repos.
I’d like to propose a new mode that does not invoke git and instead joins SARIF locations against a precomputed “blame map” file.
Proposal
Extend the existing command:
Behavior:
The blame file will represent ownership for range of lines - conceptually same information as the output of git-blame, but in CSV or JSONL for easier parsing.
If this direction is acceptable, I’m happy to implement it with tests and documentation.