Before SARIF, every analyzer emitted its own report shape, so wiring a new tool into GitHub, an IDE, or a dashboard meant writing a custom parser. SARIF (Static Analysis Results Interchange Format) standardised that: a single JSON schema for runs, rules, results, locations, and severities.
The practical payoff is GitHub code scanning. Upload a SARIF file from any scanner and GitHub renders each finding inline on the pull request diff, tracks it across commits, and de-duplicates it — turning a wall of CLI output into reviewable, dismissible annotations that live next to the code.
Because the format is tool-agnostic, SARIF is also how you avoid lock-in: results from different scanners land in the same structure, so you can swap or combine tools without rebuilding your reporting layer.
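To make the shared structure concrete, here is an added example (not taken from any scanner or from GitHub) that flattens SARIF 2.1.0 logs from two scanners into one severity-ordered list. The scanner names, rule ids and findings are constructed, and the sketch assumes results reference rules by `ruleId` and ignores the `kind` property.

```python
# Constructed SARIF 2.1.0 logs from two hypothetical scanners.
def _loc(uri, line):  # builds the location array used by the sample data
    return [{"physicalLocation": {"artifactLocation": {"uri": uri},
                                  "region": {"startLine": line}}}]

SCANNER_A = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "scanner-a", "rules": [
        {"id": "A001", "defaultConfiguration": {"level": "error"}}]}},
    "results": [{"ruleId": "A001", "locations": _loc("app/db.py", 42),
                 "message": {"text": "SQL built by string concatenation"}}]}]}
SCANNER_B = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "scanner-b"}},
    "results": [
        {"ruleId": "B-17", "level": "note", "locations": _loc("requirements.txt", 3),
         "message": {"text": "Unpinned dependency"}},
        {"ruleId": "B-99", "message": {"text": "Repository-wide finding"}}]}]}

SEVERITY = {"error": 0, "warning": 1, "note": 2, "none": 3}


def findings(log):
    """Flatten one SARIF log into (tool, rule, level, uri, line, message) tuples."""
    if log.get("version") != "2.1.0":
        raise ValueError("unsupported SARIF version")
    out = []
    for run in log.get("runs", []):
        driver = run["tool"]["driver"]
        rules = {r["id"]: r for r in driver.get("rules", [])}
        for res in run.get("results", []):
            rule_id = res.get("ruleId")
            # Level: explicit on the result, else the rule's default, else "warning".
            rule_cfg = rules.get(rule_id, {}).get("defaultConfiguration", {})
            level = res.get("level", rule_cfg.get("level", "warning"))
            # "locations" is optional, so a result may carry no file or line.
            phys = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            out.append((driver["name"], rule_id, level,
                        phys.get("artifactLocation", {}).get("uri"),
                        phys.get("region", {}).get("startLine"),
                        res.get("message", {}).get("text")))
    return out


def merged(*logs):
    """Combine findings from several scanners, most severe first."""
    rows = [f for log in logs for f in findings(log)]
    return sorted(rows, key=lambda f: SEVERITY.get(f[2], 1))
```

The same `findings` function handles both logs without any per-tool branching, which is the point of the common schema.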