  1. SonarQube
  2. SONAR-15212

Update Security Categories vs CWE Mapping (Security Reports, Security Hotspots)


    Details

    • Edition:
      Community
    • Production Notes:
      None

      Description

      The configuration file was updated: https://docs.google.com/spreadsheets/d/16EKZdULUrH-iOGfUFPBWOe0nZbtjcsGCVH_bzDtyhEc/ while reviewing SonarIaC analyzer results.
      Although the changes were triggered by SonarIaC, they are also valuable for existing analyzers on SonarQube.

      Here is an extract from this file corresponding to the change we need to apply.

      Update "SQL Injection" with the following CWEs:

      • CWE-943

      Introduce a new category called: "Encryption of Sensitive Data" with the following associated CWEs:

      • CWE-311
      • CWE-315
      • CWE-319

      Remove from "Insecure Configuration" the following CWEs:

      • CWE-311
      • CWE-315

      Introduce a new category called: "Traceability" with the following associated CWEs:

      • CWE-778

      Add to the "Authentication" category the following CWEs:

      • CWE-308
      • CWE-732


            People

            Assignee:
            lukasz.jarocki Łukasz Jarocki
            Reporter:
            alexandre.gigleux Alexandre Gigleux
            Votes:
            0
            Watchers:
            4
