diff --git a/schema/metaschema/sarif-module.xml b/schema/metaschema/sarif-module.xml index 5d4ffb53..1c94b0ad 100644 --- a/schema/metaschema/sarif-module.xml +++ b/schema/metaschema/sarif-module.xml @@ -5,25 +5,29 @@ 0.1.0 sarif - http://csrc.nist.gov/ns/oscal/metaschema/validation/results/1.0 + https://json.schemastore.org/sarif/2.1.0 - http://csrc.nist.gov/ns/oscal/metaschema/validation/results/1.0 + https://json.schemastore.org/sarif-2.1.0.json SARIF Model Version The version of the SARIF Model used for conforming instances. - + - + - Properties - A collection of named properties or property bag key values (the latter is loosely enforced) for SARIF elements. + Property Bag + Key/value pairs that provide additional information about the object. - - + + Tag + A set of distinct strings that provide additional information. + + + @@ -56,6 +60,9 @@ The absolute URI at which information about this version of the tool component can be found. + Rule + An array of reportingDescriptor objects relevant to the analysis performed by the tool component. + rule @@ -96,7 +103,11 @@ Artifacts Artifacts analyzed by the tool to yield results. - + + Artifact Location + The location of the artifact. + location + @@ -154,13 +165,14 @@ Identifies the artifact that the analysis tool was instructed to scan. This need not be the same as the artifact where the result actually occurred. analysisTarget - + Result Location The set of locations where the result was detected. Specify only one location unless the problem indicated by the result can only be corrected by making a change at every specified location. + location - Occurence Count + Occurrence Count A positive integer specifying the number of times this logically unique result was observed in this run. 
@@ -241,6 +253,15 @@ URI A valid relative or absolute URI. + + Index + The index within the run artifacts array of the artifact object associated with the artifact location. + + + The index '{ . }' is not greater than or equal to '-1'. + + + Description A short description of the artifact location. @@ -260,12 +281,10 @@ Physical Location A physical location relevant to a result. Specifies a reference to a programming artifact together with a range of bytes or characters within that artifact. - Location Message A message relevant to the location. 
@@ -306,6 +325,46 @@ + + Logical Location + A logical location of a construct that produced a result. + + + Logical Location Name + Identifies the construct in which the result occurred. For example, this property might contain the name of a class or a method. + + + Index + The index within the logical locations array. + + + The index '{ . }' is not greater than or equal to '-1'. + + + + + Fully Qualified Name + The human-readable fully qualified name of the logical location. + + + Decorated Name + The machine-readable name for the logical location, such as a mangled function name provided by a C++ compiler that encodes calling convention, return type and other details along with the function name. + + + Parent Index + Identifies the index of the immediate parent of the construct in which the result was detected. For example, this property might point to a logical location that represents the namespace that holds a type. + + + The index '{ . }' is not greater than or equal to '-1'. + + + + + Kind + The type of construct this logical location component refers to. Should be one of 'function', 'member', 'module', 'namespace', 'parameter', 'resource', 'returnType', 'type', 'variable', 'object', 'array', 'property', 'value', 'element', 'text', 'attribute', 'comment', 'declaration', 'dtd' or 'processingInstruction', if any of those accurately describe the construct. + + + Region A region within an artifact where a result was detected. @@ -372,7 +431,7 @@ - Result Provenance + Result Provanance Contains information about how and when a result was detected.
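Review bot: the first hunk (@@ -5,25 +5,29 @@) swaps the module namespace and JSON base URI from the csrc.nist.gov values to schemastore URLs, which is a breaking change for any instance or schema already bound to the old namespace; it should be called out in the commit message and, if older instances must keep validating, handled with a versioned namespace rather than a silent replacement. The two new values are also inconsistent in form (`https://json.schemastore.org/sarif/2.1.0` versus `https://json.schemastore.org/sarif-2.1.0.json`), so please confirm both resolve to the intended SARIF 2.1.0 artifacts and that the module's "SARIF Model Version" text still describes the version these URIs identify.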
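Review bot: in the hunk at @@ -241,6 +253,15 @@ the new Index field carries only the constraint whose message reads "The index '{ . }' is not greater than or equal to '-1'"; that enforces the SARIF convention that -1 means "absent", but nothing visible here ties the value to the run's artifacts array, so an index pointing past the end of that array will still validate. If the metaschema supports it, add an index-based reference constraint to the artifacts array, or document in the field's remarks that cross-array consistency is left to consumers.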
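Review bot: in the Logical Location hunk (@@ -306,6 +325,46 @@) the Kind field lists its permitted values only in prose ("Should be one of 'function', 'member', 'module', ..."), so a misspelled kind will pass validation; express the list as an allowed-values constraint with other values permitted (Metaschema's `allowed-values` with `allow-other="yes"`) so tooling can flag typos while still accepting the open set the SARIF spec allows. The same "not greater than or equal to '-1'" index constraint is now copied verbatim for Index and Parent Index (and for the artifact-location Index earlier in the patch); consider factoring it into one shared constraint definition so a future wording or logic change does not have to be made in three places.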
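Review bot: the last hunk (@@ -372,7 +431,7 @@) replaces the correctly spelled "Result Provenance" with "Result Provanance", introducing a typo into the formal name of the assembly; revert that line so the name stays "Result Provenance", matching the SARIF property name and the "Occurrence Count" spelling fix made earlier in this same patch.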