
Add support for CWE

Open ziadhany opened this issue 2 years ago • 3 comments

Reference: https://github.com/nexB/vulnerablecode/issues/651 Signed-off-by: Ziad [email protected]

ziadhany avatar Jun 24 '22 23:06 ziadhany

Screenshot from 2022-06-27 20-19-05

ziadhany avatar Jun 27 '22 18:06 ziadhany

This would need to be rebased... Also, you may want to remove the UI part to treat it separately, as the UI has changed extensively! Also, could we get the CWE from the NVD importer? Or is this something for later?

OK, no problem, I will change this. But what about editing all importers, not just NVD? I think I could handle this in a separate pull request.

1. The CWE library maintainer has not much replied to data, so if we need this we would have to fork it.

Oops, yes, we can fork it. It isn't a complicated library; all data come from this database. We need to make sure the database is updated, so I think we should use this link https://cwe.mitre.org/data/downloads.html as our database.

2. Is there something else beyond CWE that would be about a more general concept of categories?

I don't know, but the main three categories are:

  • Software Development
  • Hardware Design
  • Research Concepts

Some external mappings:

  • CWE Top 25 (2022)
  • OWASP Top Ten (2021)
  • Software Fault Pattern Clusters

ziadhany avatar Sep 10 '22 16:09 ziadhany
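As an added example (not code from this PR, from vulnerablecode, or from the cwe2 library): loading the MITRE CSV export into a lookup table and normalizing the CWE strings an importer such as the NVD one produces, where the NVD placeholders `NVD-CWE-Other` and `NVD-CWE-noinfo` mean "no real weakness". The sample rows are constructed, and the column names `CWE-ID` / `Name` / `Weakness Abstraction` are assumed to match the export.

```python
"""Parse the MITRE CWE CSV export and normalize importer CWE references."""
import csv
import io
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample rows in the layout of the MITRE CSV download (column
# names assumed; the real export has more columns, which are ignored here).
SAMPLE_CWE_CSV = """\
CWE-ID,Name,Weakness Abstraction,Status
79,"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",Base,Stable
89,"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",Base,Stable
787,Out-of-bounds Write,Base,Stable
not-a-number,Broken row that must be skipped,Base,Draft
"""


@dataclass(frozen=True)
class Weakness:
    cwe_id: int
    name: str
    abstraction: str


def load_cwe_database(csv_text: str) -> Dict[int, Weakness]:
    """Build a CWE-ID -> Weakness map from the CSV export, skipping malformed rows."""
    db: Dict[int, Weakness] = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            cwe_id = int(row["CWE-ID"])
        except (KeyError, TypeError, ValueError):
            continue  # header drift or a corrupt line: do not abort the whole import
        db[cwe_id] = Weakness(cwe_id, row["Name"].strip(), row.get("Weakness Abstraction", ""))
    return db


# Accepts "CWE-79", "cwe-79" or a bare "79"; anything else (including the NVD
# placeholders "NVD-CWE-Other" / "NVD-CWE-noinfo") is not a weakness reference.
_CWE_RE = re.compile(r"^(?:CWE-)?(\d+)$", re.IGNORECASE)


def normalize_cwe(value: str) -> Optional[int]:
    """Return the integer CWE id for an importer string, or None if it carries no CWE."""
    match = _CWE_RE.match(value.strip())
    return int(match.group(1)) if match else None


def weaknesses_for_advisory(cwe_values: Iterable[str], db: Dict[int, Weakness]) -> Tuple[List[Weakness], List[int]]:
    """Resolve an advisory's CWE strings; ids absent from the database are reported
    separately so an importer can flag that the CWE data needs refreshing."""
    found, unknown = [], []
    for value in cwe_values:
        cwe_id = normalize_cwe(value)
        if cwe_id is None:
            continue
        (found.append(db[cwe_id]) if cwe_id in db else unknown.append(cwe_id))
    return found, unknown
```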

Screenshot from 2022-09-11 01-38-04

ziadhany avatar Sep 10 '22 23:09 ziadhany

image

ziadhany avatar Nov 01 '22 11:11 ziadhany

@ziadhany the cwe2 library is ready now: https://pypi.org/project/cwe2/

pombredanne avatar Nov 21 '22 22:11 pombredanne

@ziadhany Could you rebase or merge on the latest main branch?

pombredanne avatar Dec 24 '22 23:12 pombredanne