oasis-tcs / sarif-spec

OASIS SARIF TC: Repository for development of the draft standard, where requests for modification should be made via Github Issues
https://github.com/oasis-tcs/sarif-spec

Add MetaData Field for Remediation? #472

Open josepalafox opened 4 years ago

josepalafox commented 4 years ago

Companies like Checkmarx offer tools like https://free.codebashing.com/ and other companies like https://securecodewarrior.com/ also work in this space.

I'm curious if the standard would consider supporting a metadata field that could link a user to resources to learn about how to remediate the vulnerability. For example, if a SAST tool identifies a certain CWE error like SQL injection, it could then link the user to a resource like this: https://free.codebashing.com/courses/java/lessons/sql_injection.

PatMyron commented 2 years ago

curious if the standard would consider supporting a metadata field that could link a user to resources to learn about how to remediate the vulnerability

or SARIF tooling could auto-remediate findings directly through metadata
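Both halves of the thread map onto metadata that SARIF 2.1.0 already defines: a rule (`reportingDescriptor`) carries `helpUri` and `help` for "where do I learn to fix this", and a result carries `fixes[]`, each a list of `artifactChanges` with `replacements` that a consumer can apply mechanically. The following is an added example, not code from the sarif-spec repository or from either commenter. The SARIF log, the tool name `ExampleSAST`, the file `src/UserDao.java` and the Java snippet are constructed for the demo; the only real URL is the codebashing lesson quoted in the issue.

```python
"""Added example: reading remediation metadata out of a SARIF 2.1.0 log.

Shows (1) resolving a result to its rule's helpUri/help text, the "learn how
to remediate" case, and (2) applying a result's fixes[] to the source, the
"auto-remediate" case. Everything below is constructed for the demo.
"""

# Constructed vulnerable source. SARIF columns are 1-based and endColumn is
# exclusive, so the concatenated query on line 3 spans columns 9..57.
VULNERABLE_SOURCE = (
    "public User find(String name) throws SQLException {\n"
    "    PreparedStatement ps = conn.prepareStatement(\n"
    "        \"SELECT * FROM users WHERE name = '\" + name + \"'\");\n"
    "    return map(ps.executeQuery());\n"
    "}\n"
)

# Constructed SARIF log; only the fields the demo needs are present.
SARIF_LOG = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "ExampleSAST", "rules": [{  # hypothetical tool
            "id": "java/sql-injection",
            "shortDescription": {"text": "SQL query built from untrusted input"},
            # Rule-level metadata: where a developer can learn how to fix it.
            "helpUri": "https://free.codebashing.com/courses/java/lessons/sql_injection",
            "help": {"text": "Bind user input with PreparedStatement parameters "
                             "instead of concatenating it into the query."},
            "properties": {"tags": ["security", "external/cwe/cwe-089"]},
        }]}},
        "results": [{
            "ruleId": "java/sql-injection",
            "ruleIndex": 0,
            "level": "error",
            "message": {"text": "User-controlled 'name' flows into a SQL query."},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": "src/UserDao.java"},
                "region": {"startLine": 3, "startColumn": 9, "endColumn": 58}}}],
            # Result-level metadata: an edit a tool can apply without a human.
            "fixes": [{
                "description": {"text": "Rewrite as a parameterised query"},
                "artifactChanges": [{
                    "artifactLocation": {"uri": "src/UserDao.java"},
                    "replacements": [
                        {"deletedRegion": {"startLine": 3, "startColumn": 9, "endColumn": 58},
                         "insertedContent": {"text": "\"SELECT * FROM users WHERE name = ?\""}},
                        # Empty region (startColumn == endColumn) is a pure insertion.
                        {"deletedRegion": {"startLine": 4, "startColumn": 1, "endColumn": 1},
                         "insertedContent": {"text": "    ps.setString(1, name);\n"}},
                    ]}]}],
        }],
    }],
}


def remediation_guidance(run, result):
    """Resolve a result to its rule (ruleIndex first, ruleId as fallback)
    and return the human-facing remediation pointers stored on the rule."""
    rules = run["tool"]["driver"].get("rules", [])
    rule = rules[result["ruleIndex"]] if "ruleIndex" in result else next(
        (r for r in rules if r["id"] == result.get("ruleId")), {})
    return {"helpUri": rule.get("helpUri"),
            "help": rule.get("help", {}).get("text"),
            "tags": rule.get("properties", {}).get("tags", [])}


def apply_fix(source, fix, uri):
    """Apply the replacements of one SARIF fix that target artifact `uri`.

    Only single-line regions are handled (enough for the constructed fix); a
    missing endColumn is treated as end of line. Replacements are applied
    bottom-up and right-to-left so earlier edits never shift later offsets.
    """
    lines = source.splitlines(keepends=True)
    reps = [r for c in fix["artifactChanges"]
            if c["artifactLocation"]["uri"] == uri for r in c["replacements"]]
    key = lambda r: (r["deletedRegion"]["startLine"], r["deletedRegion"].get("startColumn", 1))
    for rep in sorted(reps, key=key, reverse=True):
        region = rep["deletedRegion"]
        n = region["startLine"]
        if region.get("endLine", n) != n:
            raise ValueError("multi-line regions are not supported in this demo")
        body = lines[n - 1].rstrip("\r\n")
        newline = lines[n - 1][len(body):]
        start = region.get("startColumn", 1) - 1
        end = region.get("endColumn", len(body) + 1) - 1
        inserted = rep.get("insertedContent", {}).get("text", "")
        lines[n - 1] = body[:start] + inserted + body[end:] + newline
    return "".join(lines)


if __name__ == "__main__":
    run, result = SARIF_LOG["runs"][0], SARIF_LOG["runs"][0]["results"][0]
    guidance = remediation_guidance(run, result)
    print("Learn more:", guidance["helpUri"])
    print("Advice:", guidance["help"])
    print(apply_fix(VULNERABLE_SOURCE, result["fixes"][0], "src/UserDao.java"))
```

The split between the two mechanisms matters for a consumer: `helpUri`/`help` live on the rule, so one link serves every result of that rule and can point at course material such as the codebashing lesson, while `fixes` are per result and per file and must be applied against the exact revision the tool scanned, which is why the demo applies edits from the bottom of the file upward rather than trusting offsets after the first change.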