advanced-security-compliance

CWE and OWASP Top 10 Support

Open GeekMasher opened this issue 4 years ago • 1 comments

Description

We need to match CWE IDs from Code Scanning and Dependabot (not OWASP data).

Proposed Solution

Code Scanning:

This data isn't in the API; we will need to pull the SARIF file and match results between the two sources.

Dependabot:

This data is present for CWE; we just need the match and check in place.

[optional] Alternative Solutions

NA

GeekMasher, Jun 24 '21 09:06

Maybe pull each issue from the API, which has the data we want: https://docs.github.com/en/rest/reference/code-scanning#get-a-code-scanning-alert

GeekMasher, Jun 24 '21 09:06
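One way to do the SARIF matching proposed in this issue, as an added example that is not code from the advanced-security-compliance project. It assumes the CodeQL convention of tagging rules with `external/cwe/cwe-NNN`; the function names and the sample SARIF document are constructed for illustration.

```python
import re

# CodeQL tags rules like "external/cwe/cwe-089"; other tools may differ (assumption).
CWE_TAG = re.compile(r"^external/cwe/cwe-0*(\d+)$", re.IGNORECASE)

def normalise_cwe(value):
    """'CWE-079', 'cwe-79' or '79' -> 'CWE-79', so policy and SARIF ids compare equal."""
    m = re.fullmatch(r"(?:cwe-)?0*(\d+)", value.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"not a CWE id: {value!r}")
    return f"CWE-{m.group(1)}"

def cwes_by_rule(run):
    """Map rule id -> set of CWE ids, read from one SARIF run's rule metadata."""
    tool = run.get("tool", {})
    components = [tool.get("driver", {})] + tool.get("extensions", [])
    mapping = {}
    for component in components:
        for rule in component.get("rules", []):
            tags = rule.get("properties", {}).get("tags", [])
            cwes = {f"CWE-{m.group(1)}" for t in tags if (m := CWE_TAG.match(t))}
            mapping.setdefault(rule["id"], set()).update(cwes)
    return mapping

def match_results(sarif, wanted):
    """Return (rule id, file, line, matched CWEs) for each result hitting `wanted`."""
    wanted = {normalise_cwe(w) for w in wanted}
    hits = []
    for run in sarif.get("runs", []):
        rules = cwes_by_rule(run)
        for result in run.get("results", []):
            rule_id = result.get("ruleId") or result.get("rule", {}).get("id")
            matched = rules.get(rule_id, set()) & wanted
            if not matched:
                continue  # rule has no CWE tag, or none the policy asks for
            loc = (result.get("locations") or [{}])[0].get("physicalLocation", {})
            hits.append((rule_id, loc.get("artifactLocation", {}).get("uri"),
                         loc.get("region", {}).get("startLine"), sorted(matched)))
    return hits

# Constructed sample SARIF (not taken from a real scan).
SAMPLE = {"runs": [{
    "tool": {"driver": {"name": "CodeQL", "rules": [
        {"id": "py/sql-injection",
         "properties": {"tags": ["security", "external/cwe/cwe-089"]}},
        {"id": "py/unused-import", "properties": {"tags": ["maintainability"]}}]}},
    "results": [
        {"ruleId": "py/sql-injection", "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": "app/db.py"}, "region": {"startLine": 42}}}]},
        {"ruleId": "py/unused-import", "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": "app/util.py"}, "region": {"startLine": 3}}}]}]}]}
```

Results whose rule carries no CWE tag are skipped rather than treated as a match, so a policy keyed on CWE ids will not cover them.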