securesauce/precli

Use taxa instead of tags to associate CWE in SARIF renderer

Opened this issue · 0 comments

Describe the bug
Currently the CWE number is associated with a rule via the tags property on the rule. However, according to the spec, the taxa property should be used instead.

Tags SHOULD NOT be used to label a result or a rule as belonging to a category in a classification system such as the Common Weakness Enumeration [CWE™] (for example, by adding a tag "CWE/622"). Instead, taxonomies (§3.19.3) SHOULD be used for this purpose.

To Reproduce
Steps to reproduce the behavior:
n/a

Expected behavior
Will this still work in GitHub UI? If not, might have to do both.

Version

precli 0.5.2
Copyright 2024 Secure Saurce LLC
License BUSL-1.1: Business Source License 1.1 <https://spdx.org/licenses/BUSL-1.1.html>
  Python 3.12.1 (main, Dec 12 2023, 13:19:17) [Clang 15.0.0 (clang-1500.0.40.1)]

Additional context
See 3.19.25 taxa property in
https://docs.oasis-open.org/sarif/sarif/v2.1.0/csprd01/sarif-v2.1.0-csprd01.html
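As an added example (not precli's code, and not from the spec), here is how a SARIF 2.1.0 run can carry the CWE association through run.taxonomies, a rule relationship and result.taxa instead of a "CWE-NNN" tag, plus a small check that flags rules still relying on the tag form. The rule id, taxonomy version and file path are constructed sample values.

```python
def cwe_taxon(cwe_number: int, name: str) -> dict:
    """One CWE entry for run.taxonomies[0].taxa (a SARIF reportingDescriptor)."""
    return {
        "id": f"CWE-{cwe_number}",
        "name": name,
        "helpUri": f"https://cwe.mitre.org/data/definitions/{cwe_number}.html",
    }


def build_run(rule_id: str, cwe_number: int, cwe_name: str, location_uri: str) -> dict:
    """SARIF 2.1.0 run that links a rule to a CWE via taxonomies (taxa/relationships)
    rather than via a 'CWE-NNN' entry in rule.properties.tags."""
    taxon = cwe_taxon(cwe_number, cwe_name)
    # reportingDescriptorReference shared by the rule relationship and the result
    taxon_ref = {"id": taxon["id"], "index": 0, "toolComponent": {"name": "CWE", "index": 0}}
    rule = {
        "id": rule_id,
        "name": rule_id,
        "relationships": [{"target": taxon_ref, "kinds": ["superset"]}],
    }
    result = {
        "ruleId": rule_id,
        "ruleIndex": 0,
        "level": "warning",
        "message": {"text": f"{rule_id} detected"},
        "locations": [{"physicalLocation": {"artifactLocation": {"uri": location_uri}}}],
        "taxa": [taxon_ref],
    }
    return {
        "tool": {"driver": {"name": "precli", "rules": [rule]}},
        # taxonomy version is a sample value, not tied to any particular CWE release
        "taxonomies": [{"name": "CWE", "version": "4.13", "taxa": [taxon]}],
        "results": [result],
    }


def cwe_tags_without_taxa(run: dict) -> list[str]:
    """Ids of rules that still classify by a 'CWE...' tag without any taxonomy
    relationship, i.e. the pattern this issue asks to replace."""
    offenders = []
    for rule in run.get("tool", {}).get("driver", {}).get("rules", []):
        tags = rule.get("properties", {}).get("tags", [])
        if any(t.upper().startswith("CWE") for t in tags) and not rule.get("relationships"):
            offenders.append(rule["id"])
    return offenders
```

If GitHub code scanning turns out to need the tag as well, both can be emitted; the check above only complains when a CWE tag is present with no taxonomy relationship beside it.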