  1. SonarQube
  2. SONAR-16059

Add the "Permission" security category

    Details

    • Edition:
      Community
    • Production Notes:
      None

      Description

      With the IaC feature, we have more and more rules related to Permissions Management.
      It makes sense to have them in a dedicated Security Category instead of having all Vulnerabilities or Security Hotspots in the Others category.

      Add "Permission" Security Category

      The new "Permission" Security Category should be associated with the following list of CWEs:

      • CWE-266
      • CWE-284
      • CWE-668
      • CWE-269
      • CWE-732

      This security category should be named: "Permission"

      The "Generic Security Category vs CWE" document was updated accordingly
      https://docs.google.com/spreadsheets/d/16EKZdULUrH-iOGfUFPBWOe0nZbtjcsGCVH_bzDtyhEc/edit#gid=0

            People

            Assignee:
            matteo.mara Matteo Mara
            Reporter:
            alexandre.gigleux Alexandre Gigleux