Populate Security-Severity Value #608

Open
gfs opened this issue Feb 29, 2024 · 0 comments
Labels
enhancement rule Something associated with the rules (not code related)

Comments

gfs (Contributor) commented Feb 29, 2024

Is your feature request related to a problem? Please describe.
GitHub Code Scanning recognizes a security-severity value to specify a CWE value for a finding. DevSkim doesn't have these values defined, but it might be nice to have that included in the rules. This would also require a small amount of work to then inject those values into the output SARIF.

https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#reportingdescriptor-object

Follow-up from #605, #606

Describe the solution you'd like
Each rule would need to be evaluated to determine the appropriate CWE level on a float scale from 0-10.

@gfs gfs added enhancement rule Something associated with the rules (not code related) labels Feb 29, 2024
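As an added illustration of the injection step the issue describes (this is example code, not DevSkim's own implementation), the script below takes a SARIF log, looks up each rule's score in a per-rule table, and writes it into the rule's `properties["security-severity"]` field as the string GitHub Code Scanning expects (a value in the range 0.0-10.0). It also reports which rules still lack a score, which is the evaluation work the issue calls for, and maps a score to the severity label GitHub displays for it (critical at 9.0 and above, high from 7.0, medium from 4.0, low below that; thresholds taken from the GitHub SARIF documentation). The rule ids `EXAMPLE-RULE-00x`, the scores, and the sample SARIF are constructed placeholders, not real DevSkim rules.

```python
"""Inject GitHub Code Scanning 'security-severity' scores into SARIF rules.

Added example, not DevSkim's own code. Rule ids, scores and the sample log
below are constructed placeholders, not real DevSkim rules or output.
"""
import json
from typing import Any, Dict, List, Optional

# Constructed severity table: rule id -> score on GitHub's 0.0-10.0 scale.
# In DevSkim this would live in each rule definition; here it is a stand-alone dict.
RULE_SECURITY_SEVERITY: Dict[str, float] = {
    "EXAMPLE-RULE-001": 9.1,  # hypothetical rule id
    "EXAMPLE-RULE-002": 5.5,  # hypothetical rule id
}

# Constructed minimal SARIF 2.1.0 log with three rules; the third has no score
# in the table above, so it must be reported as still needing evaluation.
SAMPLE_SARIF: Dict[str, Any] = {
    "version": "2.1.0",
    "runs": [
        {
            "tool": {
                "driver": {
                    "name": "example-scanner",
                    "rules": [
                        {"id": "EXAMPLE-RULE-001", "shortDescription": {"text": "constructed rule 1"}},
                        {"id": "EXAMPLE-RULE-002", "shortDescription": {"text": "constructed rule 2"}},
                        {"id": "EXAMPLE-RULE-003", "shortDescription": {"text": "constructed rule 3"}},
                    ],
                }
            },
            "results": [],
        }
    ],
}


def github_severity_bucket(score: float) -> str:
    """Map a security-severity score to the label GitHub shows for it.

    Raises ValueError for scores outside 0.0-10.0 so a typo in a rule table
    is caught before it reaches the SARIF file.
    """
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"security-severity must be within 0.0-10.0, got {score}")
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    return "low"


def _rules(sarif: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Yield every reportingDescriptor under runs[].tool.driver.rules."""
    out: List[Dict[str, Any]] = []
    for run in sarif.get("runs", []):
        out.extend(run.get("tool", {}).get("driver", {}).get("rules", []))
    return out


def inject_security_severity(sarif: Dict[str, Any], table: Dict[str, float]) -> Dict[str, Any]:
    """Return a copy of `sarif` in which every rule whose id is in `table`
    carries properties["security-severity"] as a string such as "9.1".

    Rules absent from `table` are left untouched: GitHub then treats their
    severity as undefined rather than silently defaulting to a low value.
    """
    out = json.loads(json.dumps(sarif))  # deep copy; caller's log is unchanged
    for rule in _rules(out):
        score = table.get(rule.get("id", ""))
        if score is None:
            continue
        github_severity_bucket(score)  # validates the range before writing
        rule.setdefault("properties", {})["security-severity"] = f"{score:.1f}"
    return out


def rule_severity(sarif: Dict[str, Any], rule_id: str) -> Optional[str]:
    """Read back the security-severity string for one rule id, if present."""
    for rule in _rules(sarif):
        if rule.get("id") == rule_id:
            return rule.get("properties", {}).get("security-severity")
    return None


def rules_missing_severity(sarif: Dict[str, Any]) -> List[str]:
    """List rule ids that still have no security-severity; the to-do list for
    the per-rule evaluation the issue describes."""
    return [r["id"] for r in _rules(sarif) if "security-severity" not in r.get("properties", {})]


if __name__ == "__main__":
    enriched = inject_security_severity(SAMPLE_SARIF, RULE_SECURITY_SEVERITY)
    print(json.dumps(enriched, indent=2))
    print("still unscored:", rules_missing_severity(enriched))
```

Scores are emitted with one decimal as strings because that is the form GitHub documents for the property; keeping the deep copy means the same in-memory log can be written both with and without scores while the rule table is being filled in.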