Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Include CWE mappings for all bandit issues #612

Closed
julianthome opened this issue May 13, 2020 · 5 comments · Fixed by #613
Closed

Include CWE mappings for all bandit issues #612

julianthome opened this issue May 13, 2020 · 5 comments · Fixed by #613
Labels
enhancement New feature or request
Milestone
Release 1.7.3

Comments

@julianthome
Copy link
Contributor

julianthome commented May 13, 2020
edited
Loading

Is your feature request related to a problem? Please describe.
The internal vulnerability identifiers/issues used by bandit cannot be mapped to commonly used vulnerability metrics such as CWE. Some environments may require CWEs to be used as a standard for categorizing vulnerabilities. In addition, CWE mappings are very useful to consolidate vulnerability reports produced by different tools.

Describe the solution you'd like
Every vulnerability should get assigned a CWE identifier.

Describe alternatives you've considered

Additional context
@julianthome
Copy link
Contributor Author

julianthome commented May 13, 2020
edited
Loading

I have created a PR that adds CWE mappings for all bandit issues and changes the formatters accordingly: #613

@julianthome julianthome changed the title CWE mappings for vulnerability types Include CWE mappings for all bandit issues May 14, 2020
@ericwb
Copy link
Member

ericwb commented May 18, 2020

Please reference this feature in your PR

@ericwb ericwb added the enhancement New feature or request label May 18, 2020
@ericwb
Copy link
Member

ericwb commented May 18, 2020

I'd like to also see a parameter in the metadata for a link to the http://cwe.mitre.org/ site with the referenced ID.

@julianthome julianthome mentioned this issue May 19, 2020
Merged
@julianthome
Copy link
Contributor Author

I'd like to also see a parameter in the metadata for a link to the http://cwe.mitre.org/ site with the referenced ID.

Thanks again @ericwb. I addressed your comments in the PR 👍

@ericwb ericwb added this to the Release 2.0.0 milestone Dec 6, 2020
@bhuvi11
Copy link

bhuvi11 commented Aug 31, 2021

Hello Team,

Is this enhancement already done ? Can someone help me on this?

@ericwb ericwb modified the milestones: Release 2.0.0, Release 1.7.3 Mar 20, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
Release 1.7.3
Development

Successfully merging a pull request may close this issue.

Including CWE information julianthome/bandit
3 participants
@ericwb @julianthome @bhuvi11