With the feature request that I'm going to explain, we'd like to achieve an improved development process as below (continuous learning and improvement of coding skill).
Execute SAST -> Learn vulnerability found by SAST results -> Improve developer's skill -> Code -> (Back to Execute SAST)
Now, we have a modified SARIF file generated by Secure Code Warrior's plugin (BTW, Secure Code Warrior is a learning platform that helps developers learn secure coding). Inside the "runs" -> "tool" -> "driver" -> "rules" -> "help" section of the SARIF, it provides a learning guide that allows developers to learn about a security vulnerability with an associated video and learning challenge.
So, my request is:
Could you please add a feature to SARIF Viewer to enable customizing what information to show under the "INFO" tab of SARIF Results?
Specifically, we'd like the information inside "rules" -> "help" (please see below for details) of the SARIF to be shown in the "INFO" section of SARIF Results. Please also see the image for details.
With such a feature implemented in SARIF Viewer, our development process should be improved.
So, we hope this feature will be implemented.
```json
"help": {
  "text": "機密情報のリークを防ぐため、例外メッセージを出力に渡してはならない [CWE.200.PEO]\n\nBuild your secure coding skills and defend your code:\n\n[CWE 200] Exposure of Sensitive Information to an Unauthorized Actor [What is this? (2min video)](https://media.securecodewarrior.com/v2/module_57_sensitive_data_exposure.mp4)\n\nThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. [Try this challenge in Secure Code Warrior](https://portal.securecodewarrior.com/?utm_source=partner-integration:github-sarif-action#/contextual-microlearning/web/infoexposure/sensitiveinfo)",
  "markdown": "## Build your secure coding skills and defend your code\n\n#### [CWE 200] Exposure of Sensitive Information to an Unauthorized Actor *[What is this? (2min video)](https://media.securecodewarrior.com/v2/module_57_sensitive_data_exposure.mp4)*\n\n* The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. [Try this challenge in Secure Code Warrior](https://portal.securecodewarrior.com/?utm_source=partner-integration:github-sarif-action#/contextual-microlearning/web/infoexposure/sensitiveinfo)"
},
```
Please let me know if you have any questions or concerns.
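
Added example, not part of the original issue and not SARIF Viewer code: a sketch of how a tool could resolve each SARIF result to its rule and pull the "rules" -> "help" content the request wants displayed, preferring `markdown` and falling back to `text`. The sample log, the function names, the choice to look only at `tool.driver.rules`, and the https-only link filter are assumptions made for illustration.

```python
import re

# Constructed sample log (not from the issue): one rule with help, one without.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "ExampleSAST", "rules": [
            {"id": "CWE.200.PEO", "help": {
                "text": "Plain-text help.",
                "markdown": "## Help\n[Video](https://example.invalid/video.mp4) "
                            "[x](javascript:void(0))"}},
            {"id": "NO.HELP"},
        ]}},
        "results": [
            {"ruleId": "CWE.200.PEO", "ruleIndex": 0, "message": {"text": "m1"}},
            {"ruleId": "NO.HELP", "message": {"text": "m2"}},
        ],
    }],
}

MD_LINK = re.compile(r"\[([^\]]*)\]\(([^)\s]+)\)")

def rule_for(run, result):
    """Resolve a result to its rule: ruleIndex first, then a ruleId lookup."""
    rules = run.get("tool", {}).get("driver", {}).get("rules", [])
    ref = result.get("rule", {})
    index = result.get("ruleIndex", ref.get("index", -1))
    if isinstance(index, int) and 0 <= index < len(rules):
        return rules[index]
    rule_id = result.get("ruleId", ref.get("id"))
    return next((r for r in rules if r.get("id") == rule_id), None)

def help_for_results(sarif):
    """Return one row per result with the help body a viewer could display."""
    rows = []
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            rule = rule_for(run, result) or {}
            help_obj = rule.get("help", {})
            # Prefer the markdown rendering, fall back to plain text.
            fmt = next((k for k in ("markdown", "text") if help_obj.get(k)), None)
            body = help_obj.get(fmt, "") if fmt else ""
            # The log is untrusted input: keep only https links as clickable.
            links = [u for _, u in MD_LINK.findall(body) if u.startswith("https://")]
            rows.append({"ruleId": rule.get("id", result.get("ruleId")),
                         "format": fmt, "help": body, "links": links})
    return rows

if __name__ == "__main__":
    for row in help_for_results(SAMPLE_SARIF):
        print(row["ruleId"], row["format"], row["links"])
```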