Support `owasp` mapping key for SecureCodeWarrior to Vulnerability Details and Modal
The SecureCodeWarrior API supports mapping keys other than CWE; let's ensure we display the corresponding training materials.
The complete list of mapping lists supported by SecureCodeWarrior can be retrieved with this API request:
https://integration-api.securecodewarrior.com/docs/#/definitions/MappingListResponse
curl -X GET 'https://integration-api.securecodewarrior.com/api/v1/mapping-lists'
Sample Response
[
  {
    "slug": "cwe",
    "name": "Common Weakness Enumeration (CWE)",
    "_links": {
      "detail": "https://integration-api.securecodewarrior.com/api/v1/mapping-lists/cwe/items"
    }
  },
  {
    "slug": "default",
    "name": "Secure Code Warrior",
    "_links": {
      "detail": "https://integration-api.securecodewarrior.com/api/v1/mapping-lists/default/items"
    }
  },
  {
    "slug": "owasp-api-2019",
    "name": "OWASP API Top 10 2019",
    "_links": {
      "detail": "https://integration-api.securecodewarrior.com/api/v1/mapping-lists/owasp-api-2019/items"
    }
  },
  {
    "slug": "owasp-mobile-2016",
    "name": "OWASP TOP 10 Mobile - 2016",
    "_links": {
      "detail": "https://integration-api.securecodewarrior.com/api/v1/mapping-lists/owasp-mobile-2016/items"
    }
  },
  {
    "slug": "owasp-web-2017",
    "name": "OWASP TOP 10 Web - 2017: The Ten Most Critical Web Application Security Risks",
    "_links": {
      "detail": "https://integration-api.securecodewarrior.com/api/v1/mapping-lists/owasp-web-2017/items"
    }
  },
  {
    "slug": "phrase",
    "name": "Phrase",
    "_links": {
      "detail": "https://integration-api.securecodewarrior.com/api/v1/mapping-lists/phrase/items"
    }
  },
  {
    "slug": "vrt",
    "name": "Vulnerability Rating Taxonomy (VRT) from Bugcrowd",
    "_links": {
      "detail": "https://integration-api.securecodewarrior.com/api/v1/mapping-lists/vrt/items"
    }
  },
  {
    "slug": "vulncat",
    "name": "Fortify vulnerability categories (vulncat) from MicroFocus",
    "_links": {
      "detail": "https://integration-api.securecodewarrior.com/api/v1/mapping-lists/vulncat/items"
    }
  }
]
This support will need to be added to the following pages:
- Vulnerability Details page
- Vulnerability Modal in MR widget and pipeline security tab
Order of importance for support
We want to add support for this identifier:
- owasp (We will try to tackle this only for lower case owasp; the upper case one will be tackled in #366556)
Note
As for our other training provider, Kontra, only CWE is supported, so this additional check will not be applicable.
Edited by Samantha Ming
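The provider and identifier-type rules described in this issue can be sketched as follows. This is an added example, not GitLab's code: `PROVIDER_SUPPORT`, both function names and the `{ externalType, externalId }` identifier shape are assumptions, and the sample identifiers are constructed.

```javascript
// Added example. PROVIDER_SUPPORT, the function names and the identifier
// shape ({ externalType, externalId }) are assumptions, not GitLab's code.

// Slugs from the sample mapping-lists response above.
const MAPPING_LIST_SLUGS = [
  'cwe', 'default', 'owasp-api-2019', 'owasp-mobile-2016',
  'owasp-web-2017', 'phrase', 'vrt', 'vulncat',
];

// Identifier types each provider can resolve. Preferring cwe over owasp is
// an assumption; the issue only states which types are supported.
const PROVIDER_SUPPORT = new Map([
  ['Secure Code Warrior', ['cwe', 'owasp']],
  ['Kontra', ['cwe']],
]);

// Pick the identifier to use for a training lookup, or null if none fits.
// The comparison is case-sensitive on purpose: upper-case "OWASP" is
// deferred to a separate issue, so it must not match here.
function pickTrainingIdentifier(provider, identifiers) {
  const supported = PROVIDER_SUPPORT.get(provider) || [];
  for (const type of supported) {
    const match = identifiers.find((id) => id.externalType === type);
    if (match) return { type, key: match.externalId };
  }
  return null;
}

// Mapping lists that could serve an identifier type: an exact slug ("cwe")
// or a slug family ("owasp" -> "owasp-web-2017", ...). Which family member
// applies is not specified on this page, so all candidates are returned.
function candidateMappingLists(type, slugs = MAPPING_LIST_SLUGS) {
  return slugs.filter((slug) => slug === type || slug.startsWith(`${type}-`));
}

// Constructed sample identifiers for one vulnerability.
const sample = [
  { externalType: 'OWASP', externalId: 'A1' },
  { externalType: 'owasp', externalId: 'A3' },
];
console.log(pickTrainingIdentifier('Secure Code Warrior', sample));
console.log(pickTrainingIdentifier('Kontra', sample));
console.log(candidateMappingLists('owasp'));
```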