
Add information about FP and FN to vulnerabilities

Martynas Krupskis requested to merge integrate-fp-fn-information into main

Closes #4 (closed). Relates to gitlab-org/gitlab#364179 (closed)

This is how a vulnerability will look right now in the gl-sast-diff-report.json. The downside is the new output struct DifferenceReport, since none of GitLab's report methods will work with it.

```json
{
  "id": "cf04adaeefab834e6a4e81561eb0bbcf28cd0f615fc6314c2256e94e6a64fda1",
  "category": "sast",
  "message": "Improper Neutralization",
  "cve": "",
  "scanner": {
    "id": "baseline",
    "name": "baseline"
  },
  "location": {
    "file": "main.py",
    "start_line": 12
  },
  "identifiers": [
    {
      "type": "cwe",
      "name": "CWE-707",
      "value": "707",
      "url": "https://cwe.mitre.org/data/definitions/707.html"
    }
  ],
  "type": "FN"
}
```
Edited by Martynas Krupskis
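As an added example (not code from this MR or from the project itself), a Go consumer for the new DifferenceReport output that validates the `type` field before tallying FP and FN entries. It assumes the report wraps entries in a top-level `vulnerabilities` array and uses constructed sample data; only a subset of the fields shown above is decoded.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Vulnerability holds the subset of the sample entry used here; Type is the new FP/FN field.
type Vulnerability struct {
	ID       string `json:"id"`
	Location struct {
		File      string `json:"file"`
		StartLine int    `json:"start_line"`
	} `json:"location"`
	Type string `json:"type"` // expected: "FP" or "FN"
}

// DifferenceReport is an assumed wrapper: a top-level "vulnerabilities" array.
type DifferenceReport struct {
	Vulnerabilities []Vulnerability `json:"vulnerabilities"`
}

// ParseDifferenceReport decodes a report and rejects entries whose type is not FP or FN.
func ParseDifferenceReport(data []byte) (*DifferenceReport, error) {
	var r DifferenceReport
	if err := json.Unmarshal(data, &r); err != nil {
		return nil, err
	}
	for i, v := range r.Vulnerabilities {
		if v.Type != "FP" && v.Type != "FN" {
			return nil, fmt.Errorf("entry %d (%s): unexpected type %q", i, v.ID, v.Type)
		}
	}
	return &r, nil
}

// CountByType tallies FP and FN entries in a parsed report.
func CountByType(r *DifferenceReport) map[string]int {
	counts := map[string]int{"FP": 0, "FN": 0}
	for _, v := range r.Vulnerabilities {
		counts[v.Type]++
	}
	return counts
}

// sampleReport is constructed input, not output of the real tool.
const sampleReport = `{"vulnerabilities":[
 {"id":"a1","location":{"file":"main.py","start_line":12},"type":"FN"},
 {"id":"b2","location":{"file":"cfg.py","start_line":3},"type":"FP"},
 {"id":"c3","location":{"file":"app.py","start_line":40},"type":"FN"}]}`
```

An entry with any other `type` value (or a missing one) makes `ParseDifferenceReport` return an error instead of being counted as neither.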
