Display CWEs on the Vulnerability Details dialog page for Dependency Scanning

Overview

Many organizations rely on the CWE classification system as a guide for triaging and prioritizing the remediation of vulnerabilities, e.g., the annual CWE Top 25.

For Dependency Scanning, Gemnasium captures the CWEs associated with a vulnerability, but this metadata is not displayed within the Vulnerability Details dialog.

Context

Unlike SAST, the Vulnerability Details page for Dependency Scanning does not list associated CWEs. You can, however, find them by following the link to the Gemnasium identifier (highlighted):

[Screenshot: 2022-11-29_10-27-49]

Following this link brings us to the YAML, where the CWEs are listed:

[Screenshot: 2022-11-29_10-28-50]

Proposal

Surface this CWE metadata from the YAML to the Vulnerability Details page.

Edited by John Feeney