Setting expectations, what is the source of truth for CWEs I can expect codeQL to find? #17364
shay-legit
started this conversation in
General
Replies: 1 comment
-
Hi,

Is this list below the one I should look at for supported CWEs per language? Can I expect relevant CWEs for the specific language to be found (in case of a matching issue)? Is there somewhere else I should be looking?

https://codeql.github.com/codeql-query-help/full-cwe/

I am mostly asking after testing a few things with "WebGoat" and not seeing issues that should have been found according to the above table.

Thank you.
-
Hi, yes, I believe that is the list of CWEs that we currently support. Note that some CWEs are extremely broad in scope, for example CWE-200, where sensitive information can mean a lot of different things, so claiming full support is virtually impossible. Out of interest, which results were you missing on WebGoat?
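The coverage table linked above is generated from the query packs themselves: every CodeQL query's QLDoc header carries an `@tags` line with entries of the form `external/cwe/cwe-NNN`, so the installed pack is the primary source of truth for what a scan can report at all. The script below, added here as an example and not part of this discussion or of CodeQL's own tooling, parses those headers and builds a CWE-to-query inventory. The three query headers embedded in it are constructed for the example (ids prefixed `example-java/`, modelled on the real header layout); the optional pack directory argument (for instance a checkout of `github/codeql`) is an assumption about how you would run it.

```python
"""Inventory CWE coverage from CodeQL query metadata (added example).

Each CodeQL query (.ql) starts with a QLDoc block whose @tags line lists
"external/cwe/cwe-NNN" tags. Parsing those tags tells you which CWEs the
pack you actually have installed can report, independent of any web page.
"""
from __future__ import annotations

import re
from collections import defaultdict
from pathlib import Path

# The QLDoc block comment at the top of a query file.
QLDOC_RE = re.compile(r"/\*\*(.*?)\*/", re.DOTALL)
# "@key value" pairs inside that block; a value runs until the next "@key".
META_RE = re.compile(r"@([\w.-]+)\s+([^@]*)")
CWE_TAG_RE = re.compile(r"external/cwe/cwe-(\d+)", re.IGNORECASE)

# Constructed sample headers (not real CodeQL queries): one XSS query, one
# SQL-injection query tagged with two CWEs, and one query with no CWE tag.
SAMPLE_QUERIES = {
    "java/ql/src/Security/CWE/CWE-079/XSS.ql": """/**
 * @name Cross-site scripting
 * @description Writing user input directly to a web page
 *              allows for a cross-site scripting vulnerability.
 * @kind path-problem
 * @problem.severity error
 * @id example-java/xss
 * @tags security
 *       external/cwe/cwe-079
 */
import java
""",
    "java/ql/src/Security/CWE/CWE-089/SqlInjection.ql": """/**
 * @name Query built from user-controlled sources
 * @kind path-problem
 * @id example-java/sql-injection
 * @tags security
 *       external/cwe/cwe-089
 *       external/cwe/cwe-564
 */
import java
""",
    "java/ql/src/Likely Bugs/EmptyBlock.ql": """/**
 * @name Empty block
 * @kind problem
 * @id example-java/empty-block
 * @tags maintainability
 */
import java
""",
}


def parse_query_metadata(source: str) -> dict[str, str]:
    """Return the @key -> value pairs from a query's QLDoc header."""
    match = QLDOC_RE.search(source)
    if not match:
        return {}
    # Drop the leading " * " decoration from every comment line.
    body = "\n".join(
        line.strip().lstrip("*").strip() for line in match.group(1).splitlines()
    )
    return {key: " ".join(value.split()) for key, value in META_RE.findall(body)}


def cwes_for_query(source: str) -> set[int]:
    """CWE numbers a query claims to cover, taken from its @tags line."""
    tags = parse_query_metadata(source).get("tags", "")
    return {int(n) for n in CWE_TAG_RE.findall(tags)}


def cwe_inventory(queries: dict[str, str]) -> dict[int, list[str]]:
    """Map CWE number -> sorted query ids, over {path: source} inputs."""
    inventory: dict[int, set[str]] = defaultdict(set)
    for path, source in queries.items():
        query_id = parse_query_metadata(source).get("id", path)
        for cwe in cwes_for_query(source):
            inventory[cwe].add(query_id)
    return {cwe: sorted(ids) for cwe, ids in sorted(inventory.items())}


def is_covered(inventory: dict[int, list[str]], cwe: int) -> bool:
    """True if at least one query in the pack is tagged with this CWE."""
    return cwe in inventory


def load_pack(root: str) -> dict[str, str]:
    """Read every .ql file under root (assumed: a local query pack checkout)."""
    return {
        str(p): p.read_text(encoding="utf-8", errors="replace")
        for p in Path(root).rglob("*.ql")
    }


if __name__ == "__main__":
    import sys

    queries = load_pack(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_QUERIES
    for cwe, ids in cwe_inventory(queries).items():
        print(f"CWE-{cwe:03d}: {', '.join(ids)}")
```

Two caveats when reading the result against a WebGoat scan. A CWE tag only says that a query for that weakness exists; the query still has to recognise the specific source, sink and framework in the code, which is why broad categories like CWE-200 can be "supported" yet miss a given instance. And not every tagged query runs by default: the standard `code-scanning` suite is a subset, so a CWE that appears in the inventory may only be reported when the scan uses the `security-extended` or `security-and-quality` suite.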