Add Common Weakness Enumeration (CWE) table to cve db #4974
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Maik Otto <[email protected]>
Signed-off-by: Maik Otto <[email protected]>
Signed-off-by: Maik Otto <[email protected]>
The CWE is a category system for hardware and software weakness and vulnerabilities with the goal of understanding flaws. Signed-off-by: Maik Otto <[email protected]>
motto-phytec
force-pushed
the
WIP/[email protected]/add_cwe_db
branch
from
99314e4 to
386b7ef
Compare
|
This isn't a bad idea, but are you actually needing it for something? It's a lot of data to store and spit out unless there's a clear user need and I'm not sure that's true here. |
|
No response, so I'm going to go ahead and close this. If you (or anyone else reading this later!) need the CWE data in the cve-bin-tool reports, though, please open an issue so we can talk about storage requirements and download times and whether it should be on by default or in some kind of extended report generation option or what. It may be more feasible after some of our planned architecture changes than it is right now. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The Common Weakness Enumerations (CWE) is a category system for hardware and software weakness and
vulnerabilities with the goal of understanding flaws.
The declaration and the information about the CWE are on https://cwe.mitre.org/ available.
The CWEs help to assess a CVE and evaluate it for the system.
NVD, Redhat and curl are supported as data source for the CWE number.
The cve_cwe table has the CVE number, the CWE and the data source.