In order to assess the maturity of a SAST product, it's important to know which issues are hidden in a benchmark such as this repo.
It would be great to provide the list of expected issues, including their location + the corresponding CWE identifier.
The goal, for sure, is not to hard-code the findings but to save time and not reinvent the wheel for every SAST product.
Recently, I worked with the author of https://github.com/SasanLabs/VulnerableApp/ to provide such a list for his project. Here is the file: https://github.com/SasanLabs/VulnerableApp/blob/master/scanner/sast/expectedIssues.csv
It's as simple as a CSV file with the following information:
CWE | Vulnerability Type | File | Line | Number of Sources
If you are OK with the idea, I can contribute a first version and we iterate on it.
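The CSV layout sketched above is enough to score a SAST run automatically: load the expected issues, match each tool finding to at most one expected issue on CWE, file and line (with a small line tolerance, since tools report the sink, the assignment or the call site inconsistently), and report recall, precision and the list of misses. The script below is an added example for this issue, not code from this repo or from VulnerableApp. It assumes a `|`-delimited file whose header uses the five column names listed above, and both the CSV rows and the tool findings are constructed samples.

```python
import csv
import io
from dataclasses import dataclass

# Constructed sample in the column layout proposed above. The real
# expectedIssues.csv may use a different delimiter or header spelling
# (assumption: '|' delimiter, header exactly as listed in the issue).
EXPECTED_CSV = """CWE|Vulnerability Type|File|Line|Number of Sources
CWE-89|SQL Injection|src/main/java/app/UserDao.java|42|2
CWE-79|Cross-site Scripting|src/main/java/app/Render.java|17|1
CWE-22|Path Traversal|src/main/java/app/FileServlet.java|88|1
"""

# Constructed sample of what a SAST tool might report (tool-neutral shape).
SAST_FINDINGS = [
    {"cwe": "89", "file": "src/main/java/app/UserDao.java", "line": 43},      # one line off, same sink
    {"cwe": "CWE-79", "file": "src/main/java/app/Render.java", "line": 17},   # exact match
    {"cwe": "CWE-78", "file": "src/main/java/app/Shell.java", "line": 10},    # not in the ground truth
]


@dataclass(frozen=True)
class ExpectedIssue:
    cwe: str
    vuln_type: str
    file: str
    line: int
    sources: int  # "Number of Sources": how many taint sources reach this sink


def normalize_cwe(value):
    """Accept '89', 'CWE-89' or 'cwe-089' and return the canonical 'CWE-89'."""
    digits = "".join(ch for ch in str(value) if ch.isdigit())
    return f"CWE-{int(digits)}" if digits else ""


def load_expected(text, delimiter="|"):
    """Parse the expected-issues CSV into ExpectedIssue records."""
    reader = csv.DictReader(io.StringIO(text), delimiter=delimiter)
    return [
        ExpectedIssue(
            cwe=normalize_cwe(row["CWE"]),
            vuln_type=row["Vulnerability Type"].strip(),
            file=row["File"].strip(),
            line=int(row["Line"]),
            sources=int(row["Number of Sources"]),
        )
        for row in reader
    ]


def evaluate(expected, findings, line_tolerance=2):
    """Match findings to expected issues one-to-one on (CWE, file, line +/- tolerance).

    Returns true positives (expected, finding) pairs, false positives (findings
    with no ground-truth counterpart), false negatives (expected issues the tool
    missed), and precision/recall computed from those counts.
    """
    unmatched = list(expected)
    true_positives, false_positives = [], []
    for finding in findings:
        cwe = normalize_cwe(finding["cwe"])
        hit = next(
            (e for e in unmatched
             if e.cwe == cwe
             and e.file == finding["file"]
             and abs(e.line - int(finding["line"])) <= line_tolerance),
            None,
        )
        if hit is None:
            false_positives.append(finding)
        else:
            unmatched.remove(hit)  # an expected issue may be claimed only once
            true_positives.append((hit, finding))
    tp, fp, fn = len(true_positives), len(false_positives), len(unmatched)
    return {
        "true_positives": true_positives,
        "false_positives": false_positives,
        "false_negatives": unmatched,
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        "recall": tp / (tp + fn) if tp + fn else 0.0,
    }


def report(result):
    """Human-readable summary of an evaluate() result."""
    lines = [f"recall={result['recall']:.2f} precision={result['precision']:.2f}"]
    for e in result["false_negatives"]:
        lines.append(f"MISSED {e.cwe} {e.vuln_type} at {e.file}:{e.line}")
    for f in result["false_positives"]:
        lines.append(f"EXTRA  {normalize_cwe(f['cwe'])} at {f['file']}:{f['line']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(evaluate(load_expected(EXPECTED_CSV), SAST_FINDINGS)))
```

With the constructed data the run scores recall 0.67 and precision 0.67: the SQL injection is credited despite the one-line offset, the path traversal is listed as missed, and the command-injection finding with no ground-truth row is listed as extra, which is exactly the per-finding view needed to compare tools rather than argue over a single number.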