SARIF
A standard JSON format for security and static-analysis results so different tools and platforms can read the same findings.
SARIF (Static Analysis Results Interchange Format) is a standardized JSON structure for reporting scan findings: what the issue is, where it lives, and how severe it is. Because it's a common format, results from one tool can be imported by another, displayed in GitHub's code-scanning UI, or fed into your CI pipeline without custom parsing.
For a founder this matters once security stops being a one-off check. SARIF lets findings flow into the tools you already use, so a scan result shows up as an annotation on your pull request instead of a PDF you forget about. It makes security a step in your workflow rather than a separate chore.
Kalit Pentest exports its findings as SARIF, so you can pull results straight into GitHub or your existing pipeline.
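To show what "what the issue is, where it lives, and how severe it is" looks like in the JSON, here is an added example (not code or output from any tool named on this page) that flattens a SARIF 2.1.0 log and applies a CI severity gate. The sample log, tool name, rule ids and file paths are constructed, and level resolution is simplified: it ignores `kind` and configuration overrides.

```python
import json

# Constructed sample SARIF 2.1.0 log; tool name, rule ids and paths are made up.
SAMPLE = json.loads("""
{
  "version": "2.1.0",
  "runs": [{
    "tool": {"driver": {"name": "example-scanner", "rules": [
      {"id": "EX001", "defaultConfiguration": {"level": "error"}},
      {"id": "EX002"}]}},
    "results": [
      {"ruleId": "EX001", "message": {"text": "SQL built from request input"},
       "locations": [{"physicalLocation": {
         "artifactLocation": {"uri": "app/db.py"}, "region": {"startLine": 42}}}]},
      {"ruleId": "EX002", "level": "note", "message": {"text": "Debug flag enabled"},
       "locations": [{"physicalLocation": {
         "artifactLocation": {"uri": "app/settings.py"}, "region": {"startLine": 7}}}]},
      {"ruleId": "EX002", "message": {"text": "Server header discloses version"}}
    ]
  }]
}
""")

RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}

def findings(sarif):
    """Flatten every run into (tool, rule, level, uri, line, message) tuples."""
    out = []
    for run in sarif.get("runs", []):
        driver = run["tool"]["driver"]
        defaults = {r["id"]: r.get("defaultConfiguration", {}).get("level")
                    for r in driver.get("rules", [])}
        for res in run.get("results") or []:
            rule = res.get("ruleId")
            # An explicit level wins, then the rule's default, then "warning".
            level = res.get("level") or defaults.get(rule) or "warning"
            # locations may be absent (a finding not tied to a file).
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = loc.get("artifactLocation", {}).get("uri")
            line = loc.get("region", {}).get("startLine")
            text = res.get("message", {}).get("text")
            out.append((driver["name"], rule, level, uri, line, text))
    return out

def gate(sarif, fail_at="error"):
    """Return the findings at or above fail_at; a CI step fails if any exist."""
    return [f for f in findings(sarif) if RANK[f[2]] >= RANK[fail_at]]

if __name__ == "__main__":
    raise SystemExit(1 if gate(SAMPLE) else 0)
```

The third result carries neither a level nor a location, which is the case a hand-written parser tends to crash on or silently treat as harmless.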