SARIF Output for AI Security Findings
AI security scanning produces findings: detected prompt-injection attempts, risky tool descriptions, authorization gaps in MCP servers. SARIF (Static Analysis Results Interchange Format) is the OASIS standard for expressing such findings in a form that existing security tooling already understands, so they can be triaged alongside everything else.
What Is SARIF
SARIF is a JSON-based format standardized by OASIS (the current version is 2.1.0) for representing the output of static analysis tools. It was designed for code analysis (linting, SAST), but its structure is generic enough for any security finding that can be tied to a rule, a severity, and a location.
A SARIF file contains one or more runs, each with:
- Tool information: Name, version, and description of the scanner that produced the findings
- Rules: Definitions of what the tool checks for, with an identifier, description, default severity level, and help text
- Results: Individual findings, each referencing a rule by id and carrying a level (error, warning, note), a message, one or more locations (a path relative to the repository root, optionally with a line region), and remediation guidance
GitHub, Azure DevOps, and other platforms natively consume SARIF and display findings in their security dashboards.
Why SARIF for AI Security
AI security findings have been siloed in custom report formats. MCP vulnerability scans produce one format. Content safety scan results produce another. Red team reports are documents. None of these integrate with the security dashboards that development teams already use.
SARIF bridges this gap. When your AI security tools output SARIF, findings appear in the same dashboard as your SAST, DAST, and dependency scanning results. One view for all security findings.
Example: MCP Server Scan in SARIF
{
  "version": "2.1.0",
  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
  "runs": [{
    "tool": {
      "driver": {
        "name": "attack-surface-mapper",
        "version": "1.0.0",
        "rules": [{
          "id": "ASM001",
          "name": "MissingAuthentication",
          "shortDescription": { "text": "MCP server lacks authentication" }
        }]
      }
    },
    "results": [{
      "ruleId": "ASM001",
      "level": "error",
      "message": { "text": "MCP server at sse://tools.example.com has no authentication configured" },
      "locations": [{
        "physicalLocation": {
          "artifactLocation": { "uri": "mcp-config.json" }
        }
      }]
    }]
  }]
}
GitHub Integration
Upload SARIF to GitHub using the code scanning API. The endpoint requires the commit the results apply to, the ref, and the SARIF file gzip-compressed and then base64-encoded; a raw JSON body is rejected:
gh api repos/{owner}/{repo}/code-scanning/sarifs \
  -X POST \
  -f "commit_sha=$(git rev-parse HEAD)" \
  -f "ref=refs/heads/main" \
  -f "sarif=$(gzip -c results.sarif | base64 -w0)"
(`base64 -w0` disables line wrapping on GNU base64; macOS base64 does not wrap by default and has no `-w` flag.) For pull requests, pass the PR's merge ref, for example refs/pull/42/merge. In GitHub Actions, the github/codeql-action/upload-sarif action performs the compression and encoding for you.
Findings appear in the Security tab with severity badges, file locations, and remediation guidance taken from the rule's help text. Two details decide whether a finding is displayed usefully: each result's location uri must be a path relative to the repository root that exists at the uploaded commit, or GitHub cannot annotate the file; and the severity badge comes from the result's level plus the rule's optional security-severity property (a 0 to 10 score in the rule's properties), which is what lets you distinguish critical from high. With that in place you can use branch protection or repository rulesets to require code scanning results and block merges that introduce findings above a chosen severity threshold.
Which Tools Output SARIF
The Attack Surface Mapper outputs SARIF natively for MCP server scan results. Aegis scan results can be formatted as SARIF for integration. Red team results from Chainbreaker can be exported in SARIF for tracking.
If your AI security tool does not output SARIF, write a converter. The format is straightforward JSON with a well-documented schema; the essentials are one rule entry per check the tool performs, one result per finding that references its rule by id, a message, and a repository-relative location. A stable fingerprint per finding keeps repeat uploads from creating duplicate alerts.
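The converter sketched above, worked through in Python as an added example for this page. It is not code from the Attack Surface Mapper, Aegis, or Chainbreaker; the Finding record, the severity-to-level table, the security-severity scores, the informationUri, and every rule id except ASM001 are assumptions made for illustration, and the three sample findings are constructed. It produces the same shape as the MCP server scan example earlier on the page, adds the fields GitHub uses for severity badges and deduplication, and includes a pre-upload check for the mistakes that most often make results unusable in the Security tab.

```python
"""Convert AI security scanner findings into a SARIF 2.1.0 log.

Added example; not code from the Attack Surface Mapper, Aegis or Chainbreaker.
The Finding record, the SEVERITY table and rule ids other than ASM001 are
assumptions made for illustration.
"""
import hashlib
import json
from dataclasses import dataclass
from typing import Optional

SARIF_SCHEMA = ("https://raw.githubusercontent.com/oasis-tcs/sarif-spec/"
                "main/sarif-2.1/schema/sarif-schema-2.1.0.json")

# Scanner severity word -> (SARIF level, GitHub "security-severity" score).
# GitHub reads the 0-10 score from rule properties to badge critical/high/
# medium/low; the exact scores chosen here are assumptions.
SEVERITY = {
    "critical": ("error", "9.5"),
    "high": ("error", "8.0"),
    "medium": ("warning", "5.5"),
    "low": ("note", "2.0"),
}


@dataclass(frozen=True)
class Finding:
    """One scanner finding. `uri` must be a repository-relative path."""
    rule_id: str
    rule_name: str
    severity: str
    message: str
    uri: str
    line: Optional[int] = None
    help_text: str = ""


def fingerprint(f: Finding) -> str:
    """Stable id so re-uploading the same finding updates an alert rather
    than opening a duplicate. Message text is excluded on purpose: wording
    changes between scanner versions should not reopen alerts."""
    key = f"{f.rule_id}|{f.uri}|{f.line or 0}".encode()
    return hashlib.sha256(key).hexdigest()[:32]


def to_sarif(findings, tool_name, tool_version, info_uri):
    """Build a single-run SARIF log: one rule per distinct rule id, one
    result per finding, results pointing back at their rule by index."""
    rules, rule_index, results = [], {}, []
    for f in findings:
        sev = f.severity.lower()
        if sev not in SEVERITY:
            raise ValueError(f"unknown severity {f.severity!r} on {f.rule_id}")
        level, score = SEVERITY[sev]
        if f.rule_id not in rule_index:          # first time we see this rule
            rule_index[f.rule_id] = len(rules)
            rules.append({
                "id": f.rule_id,
                "name": f.rule_name,
                "shortDescription": {"text": f.rule_name},
                "fullDescription": {"text": f.help_text or f.rule_name},
                "help": {"text": f.help_text or f.rule_name},
                "defaultConfiguration": {"level": level},
                "properties": {"security-severity": score},
            })
        # %SRCROOT% tells GitHub the uri is relative to the repository root.
        physical = {"artifactLocation": {"uri": f.uri, "uriBaseId": "%SRCROOT%"}}
        if f.line is not None:
            physical["region"] = {"startLine": f.line}
        results.append({
            "ruleId": f.rule_id,
            "ruleIndex": rule_index[f.rule_id],
            "level": level,
            "message": {"text": f.message},
            "locations": [{"physicalLocation": physical}],
            "partialFingerprints": {"findingHash/v1": fingerprint(f)},
        })
    driver = {"name": tool_name, "version": tool_version,
              "informationUri": info_uri, "rules": rules}
    return {"version": "2.1.0", "$schema": SARIF_SCHEMA,
            "runs": [{"tool": {"driver": driver}, "results": results}]}


def check_for_github(sarif):
    """Pre-upload lint: every result needs a message, a rule it can resolve
    to, and a repository-relative location (absolute paths and URLs are not
    annotated in the Security tab). Returns a list of problems, empty if ok."""
    problems = []
    for run in sarif["runs"]:
        rule_ids = {r["id"] for r in run["tool"]["driver"].get("rules", [])}
        for i, r in enumerate(run["results"]):
            if r.get("ruleId") not in rule_ids:
                problems.append(f"result {i}: ruleId {r.get('ruleId')} has no rule entry")
            if not r.get("message", {}).get("text"):
                problems.append(f"result {i}: empty message")
            locs = r.get("locations") or [{}]
            uri = locs[0].get("physicalLocation", {}).get("artifactLocation", {}).get("uri")
            if not uri or uri.startswith(("/", "file:", "http://", "https://")):
                problems.append(f"result {i}: location must be a repo-relative path")
    return problems


def to_json(sarif) -> str:
    return json.dumps(sarif, indent=2)


# Constructed sample findings, shaped like an MCP server scan. ASM002 and the
# informationUri are hypothetical.
SAMPLE = [
    Finding("ASM001", "MissingAuthentication", "high",
            "MCP server at sse://tools.example.com has no authentication configured",
            "mcp-config.json", 12, "Require a bearer token or mutual TLS on every MCP transport."),
    Finding("ASM002", "ToolDescriptionInjection", "critical",
            "Tool 'read_file' description instructs the model to exfiltrate environment variables",
            "mcp-config.json", 30, "Pin tool descriptions and diff them against a reviewed baseline."),
    Finding("ASM001", "MissingAuthentication", "high",
            "MCP server at sse://search.example.com has no authentication configured",
            "mcp-config.json", 48),
]


def build_sample():
    return to_sarif(SAMPLE, "attack-surface-mapper", "1.0.0",
                    "https://example.com/attack-surface-mapper")


if __name__ == "__main__":
    log = build_sample()
    assert check_for_github(log) == []
    print(to_json(log))   # write this to results.sarif before uploading
```

The rule table is deduplicated deliberately: two ASM001 hits share one rule entry and differ only in their result and fingerprint, which is what lets a dashboard count findings per category. Run `check_for_github` before every upload; a finding whose location is an absolute path or a URL will still be accepted by the API but will not show up annotated on a file, which is the most common way AI security findings quietly disappear from the Security tab.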
Benefits
Unified dashboard. All security findings in one place. AI security findings are not separate from other security work.
Workflow integration. Use the same triage, assignment, and tracking processes for AI security findings as for other vulnerabilities.
Trend tracking. Track AI security findings over time. Are they increasing or decreasing? Which rules fire most often? Because each result carries a rule id and a stable fingerprint, a dashboard that consumes SARIF can answer these questions without custom reporting.