Needed Support for CWE info in AWS Inspector findings (wrapped in scantype as AWS Security Hub) and Aquasec findings

[mahesh-ppro]

Hello Team, I was curious about the cwe field in the aquasec scans as well as AWS security hub scans. The field with name cwe_info is further in the chain getting transformed into cwe which is shown on the UI. But it expects a cwe number alone. Even if we provide that as a part of scan_report file it gets ignored and not shown on UI. Does that field not handled properly in the downstream processing ? Note : If we provide the cwe number by editing the finding from the UI itself then it works like a charm.

Could someone please shed some light on this ?

Thank you so much in advance