@motto-phytec

The Common Weakness Enumeration (CWE) is a category system for hardware and software weaknesses and
vulnerabilities with the goal of understanding flaws.
The declaration and the information about the CWE are available on https://cwe.mitre.org/.
The CWEs help to assess a CVE and evaluate it for the system.
NVD, Red Hat and curl are supported as data sources for the CWE number.
The cve_cwe table has the CVE number, the CWE and the data source.

Signed-off-by: Maik Otto <m.otto@phytec.de>
The CWE is a category system for hardware and software weaknesses and
vulnerabilities with the goal of understanding flaws.

Signed-off-by: Maik Otto <m.otto@phytec.de>
motto-phytec force-pushed the WIP/m.otto@phytec.de/add_cwe_db branch from 99314e4 to 386b7ef on April 7, 2025 06:40
terriko (Contributor) commented Apr 21, 2025

This isn't a bad idea, but are you actually needing it for something? It's a lot of data to store and spit out unless there's a clear user need and I'm not sure that's true here.

terriko (Contributor) commented May 5, 2025

No response, so I'm going to go ahead and close this. If you (or anyone else reading this later!) need the CWE data in the cve-bin-tool reports, though, please open an issue so we can talk about storage requirements and download times and whether it should be on by default or in some kind of extended report generation option or what. It may be more feasible after some of our planned architecture changes than it is right now.

terriko closed this May 5, 2025