
SARIF Output

SquireX emits SARIF v2.1.0, the industry standard for security analysis results. The output is compatible with GitHub Advanced Security, GitLab, VS Code SARIF Viewer, and any SARIF-aware tool.


Generate SARIF

# Write to file
squirex scan -d ./force-app --sarif results.sarif

# PR-scoped SARIF
squirex scan-pr -d ./force-app --base main --sarif results.sarif

Output Schema

{
  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
  "version": "2.1.0",
  "runs": [{
    "tool": {
      "driver": {
        "name": "SquireX",
        "version": "2.0.0",
        "informationUri": "https://squirex.dev",
        "rules": [...]
      }
    },
    "results": [{
      "ruleId": "AGENTFORCE-1.1",
      "level": "error",
      "message": {
        "text": "GenAiFunction 'Submit_Case' invokes Apex target without requiresConfirmation: true"
      },
      "locations": [{
        "physicalLocation": {
          "artifactLocation": { "uri": "Submit_Case.genAiFunction-meta.xml" },
          "region": { "startLine": 12 }
        }
      }]
    }]
  }]
}

Severity Mapping

| SquireX Severity | SARIF level |
|------------------|-------------|
| Critical         | error       |
| High             | error       |
| Medium           | warning     |
| Low              | note        |
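
An added example (not part of SquireX or its documentation): a CI gate that reads the SARIF file and fails on findings at or above a chosen level. Because Critical and High both map to error, a gate built on SARIF alone can only threshold on error, warning or note. The `gate` and `findings` functions, the `fail_on` parameter and the second sample result are assumptions made for illustration; a result with no `level` is treated as warning, which simplifies the SARIF defaulting rules.

```python
import json

# Constructed sample in the shape of the Output Schema above, plus one
# warning-level result with a made-up rule id and file name (no startLine).
SAMPLE = json.loads("""
{"version": "2.1.0", "runs": [{"tool": {"driver": {"name": "SquireX"}},
 "results": [
  {"ruleId": "AGENTFORCE-1.1", "level": "error",
   "message": {"text": "GenAiFunction 'Submit_Case' invokes Apex target without requiresConfirmation: true"},
   "locations": [{"physicalLocation": {
     "artifactLocation": {"uri": "Submit_Case.genAiFunction-meta.xml"},
     "region": {"startLine": 12}}}]},
  {"ruleId": "EXAMPLE-0.0", "level": "warning",
   "message": {"text": "constructed finding"},
   "locations": [{"physicalLocation": {
     "artifactLocation": {"uri": "Example.cls"}}}]}
 ]}]}
""")

RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}

def findings(sarif):
    """Yield (level, ruleId, uri, startLine) for every result in every run."""
    if sarif.get("version") != "2.1.0":
        raise ValueError("expected SARIF 2.1.0")
    for run in sarif.get("runs", []):
        for res in run.get("results") or []:
            # Assumption: a missing level is treated as "warning".
            level = res.get("level", "warning")
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = loc.get("artifactLocation", {}).get("uri", "<unknown>")
            line = loc.get("region", {}).get("startLine")  # may be absent
            yield level, res.get("ruleId", "<none>"), uri, line

def gate(sarif, fail_on="error"):
    """Return (exit_code, blocking): findings at or above fail_on block the build."""
    threshold = RANK[fail_on]
    blocking = [f for f in findings(sarif) if RANK.get(f[0], 2) >= threshold]
    return (1 if blocking else 0), blocking

if __name__ == "__main__":
    code, blocking = gate(SAMPLE)
    for level, rule, uri, line in blocking:
        print(f"{level}: {rule} {uri}:{line if line is not None else '?'}")
    raise SystemExit(code)
```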

GitHub Advanced Security Upload

- name: Upload SARIF to GitHub Security
  uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: results.sarif
    category: agentforce-capability

Tip: SARIF uploads require permissions: security-events: write in your workflow and GitHub Advanced Security enabled on the repository.


VS Code Local Viewer

Install the SARIF Viewer extension and open results.sarif directly.