From 09a2941ad4b8988f39b61d4493c9024ef5884134 Mon Sep 17 00:00:00 2001
From: Cosmin Cojocar
Date: Wed, 26 Jan 2022 18:29:03 +0100
Subject: [PATCH] Use the CWE name as a name in the SARIF report
---
 report/sarif/formatter.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/report/sarif/formatter.go b/report/sarif/formatter.go
index d2b6e56..cb57c92 100644
--- a/report/sarif/formatter.go
+++ b/report/sarif/formatter.go
@@ -71,9 +71,14 @@ func GenerateReport(rootPaths []string, data *gosec.ReportInfo) (*Report, error)
 
 // parseSarifRule return SARIF rule field struct
 func parseSarifRule(issue *gosec.Issue) *ReportingDescriptor {
+ cwe := gosec.GetCweByRule(issue.RuleID)
+ name := issue.RuleID
+ if cwe != nil {
+ name = cwe.Name
+ }
 return &ReportingDescriptor{
 ID: issue.RuleID,
- Name: issue.What,
+ Name: name,
 ShortDescription: NewMultiformatMessageString(issue.What),
 FullDescription: NewMultiformatMessageString(issue.What),
 Help: NewMultiformatMessageString(fmt.Sprintf("%s\nSeverity: %s\nConfidence: %s\n",