Setting expectations: what is the source of truth for CWEs I can expect CodeQL to find? #17364
shay-legit started this conversation in General
Original post (shay-legit):

Hi,

Is the list below the one I should look at for supported CWEs per language? Can I expect the relevant CWEs for the specific language to be found (in case of a matching issue)? Is there somewhere else I should be looking?

https://codeql.github.com/codeql-query-help/full-cwe/

I am mostly asking after testing a few things with "WebGoat" and not seeing issues that should have been found according to the above table.

Thank you.

Replies: 1 comment

Hi,

Yes, I believe that is the list of CWEs that we currently support. Note that some CWEs are extremely broad in scope, for example CWE-200, where sensitive information can mean a lot of different things, so claiming full support is virtually impossible. Out of interest, which results were you missing on WebGoat?