
Modern security teams manage multiple security tools across their pipelines, which also means they have to balance multiple reporting systems. The unspoken challenge is that these tools aren’t always set up in a way that lets them share information effectively.
But what if there were a solution to this problem that didn't require custom workarounds or manually exporting reports? With support for SARIF export, Kiuwan enables easier integration with static analysis tools, helping teams collaborate more effectively and standardize reports, all while speeding up workflows.
SARIF is an acronym for Static Analysis Results Interchange Format. It is an open industry standard that defines a JSON-based, machine-readable structure designed to represent the output of static analysis tools, such as SAST, SCA, DAST and more. Industry leaders have rallied around SARIF as an OASIS-backed standard that creates a common language for security findings. This has made it a favorite feature among developers and security teams, who know that it targets and analyzes user-specific source files, directories, or packages when scanning for vulnerabilities.
With the SARIF generation feature, Kiuwan can deliver richer, more detailed reporting that integrates effortlessly into existing DevSecOps ecosystems. Now that Kiuwan has adopted the common JSON-based SARIF (v2.1.0) schema, analysis results can be transformed into a unified format, which simplifies exporting data across multiple tools and streamlines processes. This improves the overall experience of exporting, maximizing efficiency while minimizing time spent on separate security platforms.
Kiuwan’s new SARIF export feature will help teams better integrate their tools, allowing security scan findings to be imported into popular CI/CD pipelines, IDEs, and dashboards without additional workarounds. The feature will also improve collaboration and reduce friction across development, security, and compliance teams through a standardized format. Because SARIF’s structured metadata preserves rule IDs, severity, and file locations, you gain transparency for better auditing. This protects your applications and investments as your ecosystem evolves, while adopting standard practices across the board.
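To show what a downstream consumer does with the rule IDs, severity, and file locations mentioned above, here is an added example (not Kiuwan code or Kiuwan output) that flattens a SARIF v2.1.0 log into one record per finding. The sample log, the tool name `ExampleScanner`, and the rule IDs are constructed for illustration, and the severity fallback is a simplification of the standard's rules.

```python
import json

# Constructed SARIF 2.1.0 log for illustration; not real scanner output.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "ExampleScanner", "rules": [
            {"id": "EX001", "defaultConfiguration": {"level": "error"}},
            {"id": "EX002"},
        ]}},
        "results": [
            {"ruleId": "EX001", "message": {"text": "Tainted input reaches SQL query"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/db.py"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "EX002", "level": "note", "message": {"text": "Unused variable"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/util.py"},
                 "region": {"startLine": 7}}}]},
            # A result may legitimately carry no location at all.
            {"ruleId": "EX002", "message": {"text": "Finding without a location"}},
        ],
    }],
})


def flatten_sarif(text):
    """Return one dict per result: tool, rule_id, level, file, line."""
    log = json.loads(text)
    if log.get("version") != "2.1.0":
        raise ValueError("unsupported SARIF version: %r" % log.get("version"))
    findings = []
    for run in log.get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        # Rule-level default severity, used when a result omits "level".
        defaults = {r["id"]: r.get("defaultConfiguration", {}).get("level")
                    for r in driver.get("rules", []) if "id" in r}
        for res in run.get("results") or []:
            rule_id = res.get("ruleId")
            # Simplified fallback: result level, then rule default, then "warning".
            level = res.get("level") or defaults.get(rule_id) or "warning"
            phys = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            findings.append({
                "tool": driver.get("name"), "rule_id": rule_id, "level": level,
                "file": phys.get("artifactLocation", {}).get("uri"),
                "line": phys.get("region", {}).get("startLine"),
            })
    return findings
```

Resolving the severity from the rule's default matters for pipeline gates: a check that only reads each result's own `level` would miss the first finding above, which is an `error` only through its rule definition.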
The SARIF export feature helps developers and security teams:
If your development, security, and compliance teams collaborate frequently, then the SARIF export feature, available now in Kiuwan Code Security, has arrived just in time to deliver a safer, more secure year!
New to Kiuwan? Request a free trial to experience seamless DevSecOps integration with SARIF-powered results.
For further information, see the change log.