Tamp.Sarif 1.13.0

Prefix Reserved
.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher. 
dotnet add package Tamp.Sarif --version 1.13.0
                    


                    

                
NuGet\Install-Package Tamp.Sarif -Version 1.13.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Tamp.Sarif" Version="1.13.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Tamp.Sarif" Version="1.13.0" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="Tamp.Sarif" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Tamp.Sarif --version 1.13.0
                    


                    

                
#r "nuget: Tamp.Sarif, 1.13.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package Tamp.Sarif@1.13.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=Tamp.Sarif&version=1.13.0
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=Tamp.Sarif&version=1.13.0
                    


                            Install as a Cake Tool

Tamp's SARIF 2.1.0 contract package: typed records (SarifReport, SarifRun, SarifResult, ...) plus load/write/merge helpers and the IFindingSource interface. Scanner satellites emit SarifReport; sinks consume it. No tool wrapped — this is the universal finding contract for the Tamp.Security.* family.

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 is compatible.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (3)

Showing the top 3 NuGet packages that depend on Tamp.Sarif:

Package Downloads
Tamp.Security.Pipeline

Tamp meta-package — one PackageReference, one base-class inheritance, get the whole Wave 1+2 security chain: CycloneDX SBOM → SAST (OpenGrep + Roslyn) → SCA (osv-scanner + Dependency-Track) → Trivy secrets+misconfig → DefectDojo reimport. Adopters override `SecurityProductName` + `SecuritySolutionPath` and run `tamp Security`. DT and DD legs are env-var-gated; producer half runs unconditionally. .NET-focused for v0 — non-.NET adopters override Sbom to use Tamp.Syft instead.
Tamp.DefectDojo.V2

Tamp REST client for DefectDojo (API v2). Push SARIF findings and Dependency-Track FPF exports into a DefectDojo engagement via import-scan / reimport-scan. Reimport reconciles against prior scans so triage notes survive — preferred for every push after the first per engagement.
Tamp.Ingest.V1

Typed C# client + DTOs for the tamp-ingest-v1 egress contract — the canonical wire shape any Tamp.Security.Pipeline-driven build pushes to a compliant dashboard / defect tracker / evidence vault. First server-side consumer: tamp.findings. Wraps the seven ingest endpoints (SBOM / provenance / findings / coverage / test results / scan runs / vulnerabilities) as Async methods on TampIngestClient (derived from Tamp.Http.TampApiClient). Hierarchy tuple (Client → Project → Component → ComponentVersion + Flavor / Branch / PullRequestRef) modelled as the IngestBuildContext record.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.13.0 128 5/25/2026
1.12.0 64 5/25/2026
1.11.1 140 5/19/2026
1.11.0 122 5/18/2026