nccgroup / VCG

VisualCodeGrepper - Code security scanning tool.
GNU General Public License v3.0

CWE mapping #15

Open gitnachogo opened 3 years ago

gitnachogo commented 3 years ago

Hi! I am doing research on many different SAST applications for the final project of my cybersecurity master's, and I've reached VCG. After some tests, I wanted to have an OWASP Benchmark of this tool, but I've realized there is no reader for VCG in it. Anyway, I am up to developing this integration, but there is a handicap because the tool does not report the CWE number of the code issues it finds. Does anyone know how I could map these code issues to CWE numbers in order to integrate it into OWASP Benchmark? Thankssss :)

gitnachogo commented 3 years ago

I've integrated VisualCodeGrepper into OWASP Benchmark, but there are many code issues whose related CWE number is unknown to me, so it would be great if you guys could add it on your side and I would just add it easily.
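As an added example, not part of this issue thread and not VCG's or OWASP Benchmark's own code, the script below shows the kind of mapping layer the question is asking for: a keyword table that assigns a CWE id to each finding title, applied to a constructed VCG-style XML report. The XML layout (a `CodeIssueCollection` of `CodeIssue` elements with `Title`, `FileName` and `Line` children) and the finding titles are assumptions made for illustration; the CWE ids themselves are real, but their pairing with VCG's wording would have to be checked against actual VCG output.

```python
"""Assign CWE ids to VCG-style findings with a keyword rule table (constructed example)."""
import re
import xml.etree.ElementTree as ET

# Keyword rule -> CWE id. First matching rule wins, so put the more specific
# patterns first. The CWE numbers are real; which VCG titles they should
# match is an assumption for this example, not VCG's own mapping.
CWE_RULES = [
    (r"sql", 89),                                # CWE-89: SQL injection
    (r"command|shell|exec", 78),                 # CWE-78: OS command injection
    (r"cross.?site|xss|html", 79),               # CWE-79: cross-site scripting
    (r"hard.?coded|password|credential", 798),   # CWE-798: hard-coded credentials
    (r"md5|sha1|\bdes\b|rc4|weak", 327),         # CWE-327: broken or risky crypto
    (r"random", 330),                            # CWE-330: insufficiently random values
]


def map_title_to_cwe(title):
    """Return the CWE id for a finding title, or None when no rule matches."""
    lowered = title.lower()
    for pattern, cwe in CWE_RULES:
        if re.search(pattern, lowered):
            return cwe
    return None


# Constructed sample in an assumed VCG-like XML shape (not a real VCG report).
SAMPLE_XML = """<CodeIssueCollection>
  <CodeIssue><Title>Potential SQL Injection</Title><FileName>Login.java</FileName><Line>42</Line></CodeIssue>
  <CodeIssue><Title>Hardcoded Password</Title><FileName>Config.java</FileName><Line>7</Line></CodeIssue>
  <CodeIssue><Title>Use of MD5 Hash</Title><FileName>Token.java</FileName><Line>19</Line></CodeIssue>
  <CodeIssue><Title>Command Execution From User Input</Title><FileName>Tools.java</FileName><Line>88</Line></CodeIssue>
  <CodeIssue><Title>Possible Buffer Overflow</Title><FileName>native.c</FileName><Line>130</Line></CodeIssue>
</CodeIssueCollection>"""


def load_findings(xml_text):
    """Parse the report and attach a CWE id (or None) to every finding."""
    root = ET.fromstring(xml_text)
    findings = []
    for issue in root.iter("CodeIssue"):
        title = issue.findtext("Title", default="")
        findings.append({
            "title": title,
            "file": issue.findtext("FileName", default=""),
            "line": int(issue.findtext("Line", default="0") or 0),
            "cwe": map_title_to_cwe(title),
        })
    return findings


def unmapped_titles(findings):
    """Titles no rule covered; these are the ones to add to CWE_RULES by hand."""
    return sorted({f["title"] for f in findings if f["cwe"] is None})


if __name__ == "__main__":
    results = load_findings(SAMPLE_XML)
    for f in results:
        label = f"CWE-{f['cwe']}" if f["cwe"] else "unmapped"
        print(f"{label:10} {f['file']}:{f['line']}  {f['title']}")
    print("Unmapped titles:", unmapped_titles(results))
```

Reporting the unmapped titles separately matters for a benchmark integration: a finding with no CWE is silently excluded from scoring, so the list of leftovers is what you review and extend the rule table from, rather than guessing a CWE for every title up front.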