Merge branch 'master' into kics-1317

README.md

@@ -108,7 +108,7 @@ KICS is used by various companies and organizations, some are listed below. If y
 -   [JIT](https://www.jit.io/) ([SAST for IaC](https://www.jit.io/security-tools/kics))
 -   [Firefly](https://www.firefly.ai/)
 -   [Redpanda](https://redpanda.com/)
--   [Keptn](https://keptn.sh)
+-   [Keptn](https://github.com/keptn) / [Keptn Lifecycle Toolkit](https://keptn.sh)
 
 **Keeping Infrastructure as Code Secure!**
 

e2e/fixtures/schemas/result-asff.json

@@ -136,6 +136,9 @@
                     }
                 }
             },
+            "CWE":{
+                "type":"string"
+            },
             "Title": {
                 "type": "string",
                 "minLength": 1

e2e/fixtures/schemas/result-codeclimate.json

@@ -40,6 +40,10 @@
                 "type": "string",
                 "minLength": 1
             },
+            "cwe":{
+                "type": "string",
+                "minimum": 0
+            },
             "description": {
                 "type": "string",
                 "minLength": 1

e2e/fixtures/schemas/result-csv.json

@@ -31,7 +31,7 @@
     },
     "items": {
         "type": "object",
-        "additionalProperties": false,
+        "additionalProperties": true,
         "required": [
             "QueryName",
             "QueryID",
@@ -94,6 +94,10 @@
                     "Terraform"
                 ]
             },
+            "CWE": {
+                "type": "string",
+                "minLength": 0
+            },
             "CloudProvider": {
                 "type": "string",
                 "minLength": 1

e2e/fixtures/schemas/result-cyclonedx.json

@@ -256,6 +256,10 @@
                                                     }
                                                 }
                                             }
+                                        },
+                                        "CWE": {
+                                            "type": "string",
+                                            "minLength": 0
                                         }
                                     }
                                 }

e2e/fixtures/schemas/result-gl-sast.json

@@ -152,6 +152,10 @@
                         "minLength": 1,
                         "maxLength": 255
                     },
+                    "cwe":{
+                        "type": "string",
+                        "minLength": 0
+                    },
                     "links": {
                         "type": "array",
                         "items": {

e2e/fixtures/schemas/result-junit.json

@@ -96,6 +96,10 @@
                       }
                     }
                   }
+                },
+                "CWE":{
+                  "type": "string",
+                  "minLength": 0
                 }
               }
             }

e2e/fixtures/schemas/result-sonarqube.json

@@ -34,6 +34,10 @@
                             "CRITICAL"
                         ]
                     },
+                    "cwe": {
+                        "type": "string",
+                        "minLength": 0
+                    },
                     "type": {
                         "type": "string",
                         "enum": [

e2e/fixtures/schemas/result.json

@@ -113,6 +113,10 @@
               "Terraform"
             ]
           },
+          "cwe": {
+            "type": "string",
+            "minLength": 0
+          },
           "files": {
             "type": "array",
             "items": {

e2e/utils/csv.go

@@ -32,32 +32,33 @@ func CSVToJSON(t *testing.T, filename string) []byte {
 	var csvItems []csvSchema
 
 	for _, row := range csvData[1:] {
-		line, lineErr := strconv.Atoi(row[14])
+		line, lineErr := strconv.Atoi(row[15])
 		require.NoError(t, lineErr, "Error when converting CSV: %s", fullPath)
-		searchLine, searchErr := strconv.Atoi(row[17])
+		searchLine, searchErr := strconv.Atoi(row[18])
 		require.NoError(t, searchErr, "Error when converting CSV: %s", fullPath)
 
 		csvStruct.QueryName = row[0]
 		csvStruct.QueryID = row[1]
 		csvStruct.QueryURI = row[2]
 		csvStruct.Severity = row[3]
 		csvStruct.Platform = row[4]
-		csvStruct.CloudProvider = row[5]
-		csvStruct.Category = row[6]
-		csvStruct.DescriptionID = row[7]
-		csvStruct.Description = row[8]
-		csvStruct.CISDescriptionIDFormatted = row[9]
-		csvStruct.CISDescriptionTitle = row[10]
-		csvStruct.CISDescriptionTextFormatted = row[11]
-		csvStruct.FileName = row[12]
-		csvStruct.SimilarityID = row[13]
+		csvStruct.Cwe = row[5]
+		csvStruct.CloudProvider = row[6]
+		csvStruct.Category = row[7]
+		csvStruct.DescriptionID = row[8]
+		csvStruct.Description = row[9]
+		csvStruct.CISDescriptionIDFormatted = row[10]
+		csvStruct.CISDescriptionTitle = row[11]
+		csvStruct.CISDescriptionTextFormatted = row[12]
+		csvStruct.FileName = row[13]
+		csvStruct.SimilarityID = row[14]
 		csvStruct.Line = line
-		csvStruct.IssueType = row[15]
-		csvStruct.SearchKey = row[16]
+		csvStruct.IssueType = row[16]
+		csvStruct.SearchKey = row[17]
 		csvStruct.SearchLine = searchLine
-		csvStruct.SearchValue = row[18]
-		csvStruct.ExpectedValue = row[19]
-		csvStruct.ActualValue = row[20]
+		csvStruct.SearchValue = row[19]
+		csvStruct.ExpectedValue = row[20]
+		csvStruct.ActualValue = row[21]
 		csvItems = append(csvItems, csvStruct)
 	}
 
@@ -73,6 +74,7 @@ type csvSchema struct {
 	QueryURI                    string
 	Severity                    string
 	Platform                    string
+	Cwe                         string
 	CloudProvider               string
 	Category                    string
 	DescriptionID               string

e2e/utils/xml.go

@@ -71,6 +71,7 @@ type CycloneSchema struct {
 			Vulnerabilities []struct {
 				Ref    string `xml:"ref,attr"`
 				ID     string `xml:"id"`
+				CWE    string `xml:"cwe"`
 				Source struct {
 					Name string `xml:"name"`
 					URL  string `xml:"url"`