1 مستودع
Mapping of security findings to industry-standard identifiers like Common Weakness Enumeration (CWE).
Distinct from Finding Classification: Specifically addresses the mapping to external standards, whereas Finding Classification is a broader categorization process.
Explore 1 awesome GitHub repository matching security & cryptography · Standardized Classifications. Refine with filters or upvote what's useful.
gosec is a static analysis security tool designed to scan Go source code for vulnerabilities and common coding flaws. It functions as a security analyzer that inspects the abstract syntax tree to identify insecure function calls, API usage, and potential security risks. The tool distinguishes itself by mapping detected vulnerabilities to Common Weakness Enumeration identifiers for standardized reporting and integrating with external AI models to suggest code fixes for identified issues. Its capabilities cover the detection of injection vulnerabilities, hardcoded credentials, weak cryptograph
Associates detected security issues with CWE identifiers for standardized vulnerability descriptions.