Update GitHub brand names (#2069)
This resolves some brand inconsistencies in the SARIF SDK for some of the GitHub-specific validation rules. DSP is our internal organization name, but not our official product name, so I went and made a bunch of changes to align with the guidance from marketing.

Changes tweaked by @lgolding: Rule prefix is now `GH`, all test files now have the appropriate prefix, and I polished a few user-facing strings.
jhutchings1 authored Sep 14, 2020
1 parent 9870138 commit 8a475ce
Showing 53 changed files with 362 additions and 361 deletions.
Empty file modified BeforeBuild.sh
100644 → 100755
Empty file.
Empty file modified RunTests.cmd
100644 → 100755
Empty file.
48 changes: 24 additions & 24 deletions docs/ValidationRules.md
@@ -1,92 +1,92 @@
# Rules

## Rule `DSP1001.ProvideRequiredLocationProperties`
## Rule `GH1001.ProvideRequiredLocationProperties`

### Description

Each result location must provide the property 'physicalLocation.artifactLocation.uri'. The GitHub Developer Security Portal will not display a result whose location does not provide the URI of the artifact that contains the result.
Each result location must provide the property 'physicalLocation.artifactLocation.uri'. GitHub Advanced Security code scanning will not display a result whose location does not provide the URI of the artifact that contains the result.

### Messages

#### `NoLocationsArray`: Error

{0}: The 'locations' property is absent. The GitHub Developer Security Portal will not display a result unless it provides a location that specifies the URI of the artifact that contains the result.
{0}: The 'locations' property is absent. GitHub Advanced Security code scanning will not display a result unless it provides a location that specifies the URI of the artifact that contains the result.

#### `EmptyLocationsArray`: Error

{0}: The 'locations' array is empty. The GitHub Developer Security Portal will not display a result unless it provides a location that specifies the URI of the artifact that contains the result.
{0}: The 'locations' array is empty. GitHub Advanced Security code scanning will not display a result unless it provides a location that specifies the URI of the artifact that contains the result.

#### `MissingLocationProperty`: Error

{0}: '{1}' is absent. The GitHub Developer Security Portal will not display a result location that does not provide the URI of the artifact that contains the result.
{0}: '{1}' is absent. GitHub Advanced Security code scanning will not display a result location that does not provide the URI of the artifact that contains the result.

---

## Rule `DSP1002.InlineThreadFlowLocations`
## Rule `GH1002.InlineThreadFlowLocations`

### Description

Results that include codeFlows must specify each threadFlowLocation directly within the codeFlow, rather than relying on threadFlowLocation.index to refer to an element of the run.threadFlowLocations array. The GitHub Developer Security Portal will not display a result that uses such threadFlowLocations.
Results that include codeFlows must specify each threadFlowLocation directly within the codeFlow, rather than relying on threadFlowLocation.index to refer to an element of the run.threadFlowLocations array. GitHub Advanced Security code scanning will not display a result that uses such threadFlowLocations.

### Messages

#### `Default`: Error

{0}: This 'threadFlowLocation' uses its 'index' property to refer to information in the 'run.threadFlowLocations' array. The GitHub Developer Security Portal will not display a result that includes such a 'threadFlowLocation'.
{0}: This 'threadFlowLocation' uses its 'index' property to refer to information in the 'run.threadFlowLocations' array. GitHub Advanced Security code scanning will not display a result that includes such a 'threadFlowLocation'.

---

## Rule `DSP1003.ProvideRequiredRegionProperties`
## Rule `GH1003.ProvideRequiredRegionProperties`

### Description

Every result must provide a 'region' that specifies its location with line and optional column information. The GitHub Developer Security Portal can display the correct location only for results that provide this information. At minimum, 'region.startLine' is required. 'region' can also provide 'startColumn', 'endLine', and 'endColumn', although all of those have reasonable defaults.
Every result must provide a 'region' that specifies its location with line and optional column information. GitHub Advanced Security code scanning can display the correct location only for results that provide this information. At minimum, 'region.startLine' is required. 'region' can also provide 'startColumn', 'endLine', and 'endColumn', although all of those have reasonable defaults.

### Messages

#### `MissingRegion`: Error

{0}: The 'region' property is absent. The GitHub Developer Security Portal can display the correct location only for results that provide a 'region' object with line and optional column information. At minimum, 'region.startLine' is required. 'region' can also provide 'startColumn', 'endLine', and 'endColumn', although all of those have reasonable defaults.
{0}: The 'region' property is absent. GitHub Advanced Security code scanning can display the correct location only for results that provide a 'region' object with line and optional column information. At minimum, 'region.startLine' is required. 'region' can also provide 'startColumn', 'endLine', and 'endColumn', although all of those have reasonable defaults.

#### `MissingRegionProperty`: Error

{0}: The 'startLine' property is absent. The GitHub Developer Security Portal can display the correct location only for results that provide a 'region' object with line and optional column information. At minimum, 'region.startLine' is required. 'region' can also provide 'startColumn', 'endLine', and 'endColumn', although all of those have reasonable defaults.
{0}: The 'startLine' property is absent. GitHub Advanced Security code scanning can display the correct location only for results that provide a 'region' object with line and optional column information. At minimum, 'region.startLine' is required. 'region' can also provide 'startColumn', 'endLine', and 'endColumn', although all of those have reasonable defaults.

---

## Rule `DSP1004.ReviewArraysThatExceedConfigurableDefaults`
## Rule `GH1004.ReviewArraysThatExceedConfigurableDefaults`

### Description

The GitHub Developer Security Portal limits the amount of information it displays. There are limits on the number of runs per log file, rules per run, results per run, locations per result, code flows per result, and steps per code flow. You can provide a configuration file at the root of your repository to specify higher limits.
GitHub Advanced Security code scanning limits the amount of information it displays. There are limits on the number of runs per log file, rules per run, results per run, locations per result, code flows per result, and steps per code flow. You can provide a configuration file at the root of your repository to specify higher limits.

### Messages

#### `Default`: Error

{0}: This array contains {1} element(s), which exceeds the default limit of {2} imposed by the GitHub Developer Security Portal. The portal will only display information up to that limit. You can provide a configuration file at the root of your repository to specify a higher limit.
{0}: This array contains {1} element(s), which exceeds the default limit of {2} imposed by GitHub Advanced Security code scanning. GitHub will only display information up to that limit. You can provide a configuration file at the root of your repository to specify a higher limit.

---

## Rule `DSP1005.LocationsMustBeRelativeUrisOrFilePaths`
## Rule `GH1005.LocationsMustBeRelativeUrisOrFilePaths`

### Description

The GitHub Developer Security Portal only displays results whose locations are specified by file paths, either as relative URIs or as absolute URIs that use the 'file' scheme.
GitHub Advanced Security code scanning only displays results whose locations are specified by file paths, either as relative URIs or as absolute URIs that use the 'file' scheme.

### Messages

#### `Default`: Error

{0}: '{1}' is not a file path. The GitHub Developer Security Portal only displays results whose locations are specified by file paths, either as relative URIs or as absolute URIs that use the 'file' scheme.
{0}: '{1}' is not a file path. GitHub Advanced Security code scanning only displays results whose locations are specified by file paths, either as relative URIs or as absolute URIs that use the 'file' scheme.

---

## Rule `DSP1006.ProvideCheckoutPath`
## Rule `GH1006.ProvideCheckoutPath`

### Description

The GitHub Developer Security Portal (DSP) will reject a SARIF file that expresses result locations as absolute 'file' scheme URIs unless the DSP can determine the URI of the repository root (which the DSP refers to as the "checkout path"). There are three ways to address this issue.
GitHub Advanced Security code scanning will reject a SARIF file that expresses result locations as absolute 'file' scheme URIs unless it can determine the URI of the repository root (which GitHub refers to as the "checkout path"). There are three ways to address this issue.

1. Recommended: Express all result locations as relative URI references with respect to the checkout path.

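Review bot: the rule id rename from `DSP100x` to `GH100x` in every `## Rule` heading of this hunk is a user-visible identifier change, yet none of the rewritten descriptions mentions the old ids; a reader who has a policy file, suppression or baseline keyed on `DSP1001`..`DSP1007` gets no pointer from this document to the new names. Suggest one line under `# Rules` giving the old-to-new mapping (or stating that the prefix changed in this version), so the doc stays useful for logs produced by the previous release.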
@@ -98,21 +98,21 @@ The GitHub Developer Security Portal (DSP) will reject a SARIF file that express

#### `Default`: Error

{0}: This result location is expressed as an absolute 'file' URI. The GitHub Developer Security Portal will reject this file because it cannot determine the location of the repository root (which it refers to as the "checkout path"). Either express result locations as relative URI references with respect to the checkout path, place the checkout path in 'invocations[].workingDirectory`, or place the checkout path in a configuration file at the root of the repository.
{0}: This result location is expressed as an absolute 'file' URI. GitHub Advanced Security code scanning will reject this file because it cannot determine the location of the repository root (which it refers to as the "checkout path"). Either express result locations as relative URI references with respect to the checkout path, place the checkout path in 'invocations[].workingDirectory', or place the checkout path in a configuration file at the root of the repository.

---

## Rule `DSP1007.ProvideRequiredRelatedLocationProperties`
## Rule `GH1007.ProvideRequiredRelatedLocationProperties`

### Description

The GitHub Developer Security Portal (DSP) will reject a SARIF file that includes a "related location" with no 'message' property. This is a bug in the DSP. You can set 'message' to an empty string if you don't have anything else to say about the location.
GitHub Advanced Security code scanning will reject a SARIF file that includes a "related location" with no 'message' property. This is a bug in code scanning. You can set 'message' to an empty string if you don't have anything else to say about the location.

### Messages

#### `Default`: Error

{0}: This related location does not have a 'message' property, so the the GitHub Developer Security Portal (DSP) will reject the entire log file. This is a bug in the DSP. You can set 'message' to an empty string if you don't have anything else to say about the location.
{0}: This related location does not have a 'message' property, so GitHub Advanced Security code scanning will reject the entire log file. This is a bug in code scanning. You can set 'message' to an empty string if you don't have anything else to say about the location.

---

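Review bot: beyond the brand rename, this hunk also fixes two wording defects, the mismatched quote in the GH1006 `Default` message (`'invocations[].workingDirectory`` becomes `'invocations[].workingDirectory'`) and the doubled "the the" in the GH1007 message; since the commit title only mentions brand names, those fixes should be listed in the commit message so they are not lost on anyone reading the history. Separately, the GH1007 text still asserts "This is a bug in code scanning"; rule text that documents a defect in another product goes stale silently, so a reference to the tracking issue (placeholder until one exists) would let a future editor know when to drop the workaround.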
@@ -4,7 +4,7 @@
"guid": "89072b7a-3d16-43f2-ac0b-3d9cffc814be",
"policies": [
{
"name": "GitHub Developer Security Portal policy",
"name": "GitHub policy",
"version": "0.0.1",
"organization": "Microsoft",
"product": "Microsoft SARIF SDK",
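Review bot: the policy `name` drops from "GitHub Developer Security Portal policy" to the bare "GitHub policy", while the rest of this commit standardizes on "GitHub Advanced Security code scanning"; a name such as "GitHub Advanced Security code scanning policy" would match the wording used in docs/ValidationRules.md and make the policy's purpose clear when it is listed alongside other policies.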
@@ -13,49 +13,49 @@
},
"rules": [
{
"id": "DSP1001",
"id": "GH1001",
"name": "ProvideRequiredLocationProperties",
"defaultConfiguration": {
"enabled": true
}
},
{
"id": "DSP1002",
"id": "GH1002",
"name": "InlineThreadFlowLocations",
"defaultConfiguration": {
"enabled": true
}
},
{
"id": "DSP1003",
"id": "GH1003",
"name": "ProvideRequiredRegionProperties",
"defaultConfiguration": {
"enabled": true
}
},
{
"id": "DSP1004",
"id": "GH1004",
"name": "ReviewArraysThatExceedConfigurableDefaults",
"defaultConfiguration": {
"enabled": true
}
},
{
"id": "DSP1005",
"id": "GH1005",
"name": "LocationsMustBeRelativeUrisOrFilePaths",
"defaultConfiguration": {
"enabled": true
}
},
{
"id": "DSP1006",
"id": "GH1006",
"name": "ProvideCheckoutPath",
"defaultConfiguration": {
"enabled": true
}
},
{
"id": "DSP1007",
"id": "GH1007",
"name": "ProvideRequiredRelatedLocationProperties",
"defaultConfiguration": {
"enabled": true
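Review bot: the `id` strings in this hunk are what the policy is resolved against, so every rule class whose id was `DSP100x` and every expected-output file in the test tree must carry the `GH100x` id in the same commit, or the policy will silently match nothing and the rules will run with their built-in defaults instead of `Error`; the commit message says the test files were updated, so the remaining thing to confirm is that the rule classes themselves (not visible in these hunks) emit the new ids.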
16 changes: 8 additions & 8 deletions policies/github-dsp.config.xml → policies/github.config.xml
@@ -35,7 +35,7 @@
<Property Key='RuleEnabled' Value='Disabled' />
</Properties>
<Properties Key='SARIF2012.ProvideHelpUris.Options'>
<!-- Because the DSP displays them if available. -->
<!-- Because GitHub displays them if available. -->
<Property Key='RuleEnabled' Value='Error' />
</Properties>
<Properties Key='SARIF2013.ProvideEmbeddedFileContent.Options'>
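Review bot: the unchanged context key `SARIF2012.ProvideHelpUris.Options` looks stale: src/ReleaseHistory.md in this same commit says `SARIF2012` was renamed from `ProvideHelpUris` to `ProvideRuleProperties`. If the configuration lookup keys on the full `id.name` string, this entry (together with its new comment about GitHub displaying help URIs) no longer applies to anything; either confirm the lookup matches on the rule id alone or update the key to `SARIF2012.ProvideRuleProperties.Options`.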
@@ -51,25 +51,25 @@
<!-- Not necessary because SARIF2007.ExpressPathsRelativeToRepoRoot is stricter. -->
<Property Key='RuleEnabled' Value='Disabled' />
</Properties>
<Properties Key='DSP1001.ProvideRequiredLocationProperties.Options'>
<Properties Key='GH1001.ProvideRequiredLocationProperties.Options'>
<Property Key='RuleEnabled' Value='Error' />
</Properties>
<Properties Key='DSP1002.InlineThreadFlowLocations.Options'>
<Properties Key='GH1002.InlineThreadFlowLocations.Options'>
<Property Key='RuleEnabled' Value='Error' />
</Properties>
<Properties Key='DSP1003.ProvideRequiredRegionProperties.Options'>
<Properties Key='GH1003.ProvideRequiredRegionProperties.Options'>
<Property Key='RuleEnabled' Value='Error' />
</Properties>
<Properties Key='DSP1004.ReviewArraysThatExceedConfigurableDefaults.Options'>
<Properties Key='GH1004.ReviewArraysThatExceedConfigurableDefaults.Options'>
<Property Key='RuleEnabled' Value='Error' />
</Properties>
<Properties Key='DSP1005.LocationsMustBeRelativeUrisOrFilePaths.Options'>
<Properties Key='GH1005.LocationsMustBeRelativeUrisOrFilePaths.Options'>
<Property Key='RuleEnabled' Value='Error' />
</Properties>
<Properties Key='DSP1006.ProvideCheckoutPath.Options'>
<Properties Key='GH1006.ProvideCheckoutPath.Options'>
<Property Key='RuleEnabled' Value='Error' />
</Properties>
<Properties Key='DSP1007.ProvideRequiredRelatedLocationProperties.Options'>
<Properties Key='GH1007.ProvideRequiredRelatedLocationProperties.Options'>
<Property Key='RuleEnabled' Value='Error' />
</Properties>
</Properties>
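Review bot: renaming the file from `policies/github-dsp.config.xml` to `policies/github.config.xml` (see the file header) breaks any build script or documentation that passes the old path to the validator, and neither this hunk nor src/ReleaseHistory.md records the path change; add a release-history line for it, or keep the old file for one release so existing pipelines keep working while they migrate.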
4 changes: 2 additions & 2 deletions src/ReleaseHistory.md
@@ -2,14 +2,14 @@

## **v2.3.5** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.3.5) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.3.5) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.3.5) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.3.5) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.3.5)
* FEATURE: COMMAND-LINE BREAKING: Validation rule `SARIF2005.ProvideToolProperties` now requires `informationUri`, it allows `dottedQuadFileVersion` to satisfy the requirement that version information be present, and it is configurable.
* FEATURE: COMMAND-LINE BREAKING: The analysis rules that validate a SARIF file's compatibility with the GitHub Developer Security Portal now have rule ids that begin with `DSP` rather than `SARIF`.
* FEATURE: COMMAND-LINE BREAKING: The analysis rules that validate a SARIF file's compatibility with GitHub Advanced Security code scanning now have rule ids that begin with `GH` rather than `SARIF`.
* FEATURE: Extract the public APIs from Sarif.Multitool into a new dependency package Sarif.Multitool.Library. Sarif.Multitool remains as a dotnet tool package.
* FEATURE: Validation rule `SARIF2012` now checks for the presence of a friendly name in PascalCase in the `name` property, and is renamed from `ProvideHelpUris` to `ProvideRuleProperties`.
* FEATURE: The Multitool `rewrite` command now accepts `VersionControlInformation` as an argument to the `--insert` option. This argument populates `run.versionControlProvenance`, and it re-expresses all absolute URIs as relative references with respect to the nearest enclosing repository root, if any.

## **v2.3.4** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.3.4) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.3.4) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.3.4) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.3.4)
* COMMAND-LINE BREAKING: Change `merge` command output directory argument name to `output-directory`.
* FEATURE: Add analysis rules appropriate for SARIF files that are to be uploaded to the GitHub Developer Security Portal.
* FEATURE: Add analysis rules appropriate for SARIF files that are to be uploaded to GitHub Advanced Security code scanning.
* BUGFIX: Various Fortify FPR converter improvements (such as improve variable expansion in result messages).
* BUGFIX: The validator no longer reports `SARIF2010.ProvideCodeSnippets` if embedded file content for the specified artifact is present. [#2003](https://github.com/microsoft/sarif-sdk/issues/2003)

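Review bot: the `v2.3.5` entry records only the rule-id prefix change, but this commit also renames the `convert` option `normalize-for-github-dsp` to `normalize-for-github` (src/Sarif.Multitool.Library/ConvertOptions.cs) and the type `GitHubDspIngestionVisitor` to `GitHubIngestionVisitor` (src/Sarif.Multitool.Library/ConvertCommand.cs); both affect consumers of Sarif.Multitool and the newly split-out Sarif.Multitool.Library and deserve their own bullets flagged as breaking.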
4 changes: 2 additions & 2 deletions src/Sarif.Converters/FortifyFprConverter.cs
@@ -567,8 +567,8 @@ private string NormalizeGuid(string guid)
// invalid version character in the 13th character. Second,
// some GUID as overly long (by a single character). These
// issues prevent Fortify SARIF from validating and therefore
// from being accepted by systems such as GitHub's DSP
// secfurity alerting feature.
// from being accepted by systems such as GitHub's
// security alerting feature.
//
// As a workaround, we will force the 15th character to be '4',
// if necessary, reflecting a v4 spec GUID. If a guid is overly
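Review bot: the hunk fixes `secfurity` but leaves the surrounding comment inconsistent: the unchanged context line above says the bad version character is "the 13th character", while two lines below the workaround forces "the 15th character" to `'4'`. The 13th position is the version nibble only in the unhyphenated 32-character form and the 15th only in the hyphenated `8-4-4-4-12` form, so the comment should say which form `NormalizeGuid` expects and use one position consistently. While touching this comment-only block, `some GUID as overly long` should also read `some GUIDs are overly long`.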
4 changes: 2 additions & 2 deletions src/Sarif.Multitool.Library/ConvertCommand.cs
@@ -62,7 +62,7 @@ public int Run(ConvertOptions convertOptions, IFileSystem fileSystem = null)
dataToInsert,
convertOptions.PluginAssemblyPath);

if (convertOptions.NormalizeForGitHubDsp)
if (convertOptions.NormalizeForGitHub)
{
SarifLog sarifLog;

@@ -76,7 +76,7 @@ public int Run(ConvertOptions convertOptions, IFileSystem fileSystem = null)
sarifLog = serializer.Deserialize<SarifLog>(reader);
}

var visitor = new GitHubDspIngestionVisitor();
var visitor = new GitHubIngestionVisitor();
visitor.VisitSarifLog(sarifLog);

using (FileStream stream = File.Create(convertOptions.OutputFilePath))
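Review bot: `GitHubDspIngestionVisitor` becoming `GitHubIngestionVisitor` at the `var visitor = new ...` line renames a type in Sarif.Multitool.Library, the package that src/ReleaseHistory.md says was just split out precisely so its APIs could be consumed directly; if the visitor is public, callers compiled against the old name break on upgrade unless an `[Obsolete]` subclass with the old name is kept for a release, and either way the rename should be called out as breaking.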
6 changes: 3 additions & 3 deletions src/Sarif.Multitool.Library/ConvertOptions.cs
@@ -23,9 +23,9 @@ public class ConvertOptions : SingleFileOptionsBase
public string PluginAssemblyPath { get; internal set; }

[Option(
"normalize-for-github-dsp",
HelpText = "Normalize converted output to conform to GitHub DSP ingestion requirements.")]
public bool NormalizeForGitHubDsp { get; internal set; }
"normalize-for-github",
HelpText = "Normalize converted output to conform to GitHub Advanced Security code scanning ingestion requirements.")]
public bool NormalizeForGitHub { get; internal set; }

}
}
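Review bot: the `[Option("normalize-for-github", ...)]` change drops the old `normalize-for-github-dsp` name with no alias, so existing invocations of the `convert` command fail at argument parsing instead of degrading gracefully; if the option parser supports it, keep the old name as a hidden alias for one release, and in any case make sure the release notes flag the rename as command-line breaking. The `HelpText` could also be shortened to "Normalize converted output for GitHub Advanced Security code scanning ingestion." without losing meaning.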