Display CWEs on the Vulnerability Details dialog page for Dependency Scanning
Overview
Many organizations rely on the CWE classification system and use it as a guide with which they can triage and prioritize remediation of vulnerabilities, e.g., the annual CWE Top 25.
For Dependency Scanning, Gemnasium captures the CWEs associated with a vulnerability, but this metadata is not displayed within the Vulnerability Details dialog.
Context
Unlike SAST, the Vulnerability Details page for Dependency Scanning does not list associated CWEs. You can find them, however, with the link to the Gemnasium identifier (highlighted):
Following this link brings us to the YAML where the CWEs are listed:
Proposal
Surface this CWE metadata from the YAML to the Vulnerability Details page.
Edited by John Feeney