Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CWE Catalogue Out of Date #2871

Closed
2 tasks done
msymons opened this issue Jul 5, 2023 · 1 comment · Fixed by #2877
Closed
2 tasks done

CWE Catalogue Out of Date #2871

msymons opened this issue Jul 5, 2023 · 1 comment · Fixed by #2877
Labels
defect Something isn't working p2 Non-critical bugs, and features that help organizations to identify and reduce risk
Milestone
4.9

Comments

@msymons
Copy link
Member

msymons commented Jul 5, 2023

Current Behavior

Dependency-Track log is reporting:

2023-06-30 06:41:55,289 WARN [NvdParser] CWE CWE-1386 now found in Dependency-Track database. This could signify an issue with the NVD or with Dependency-Track not having advanced knowledge of this specific CWE identifier.
2023-07-01 07:05:08,266 WARN [NvdParser] CWE CWE-1385 now found in Dependency-Track database. This could signify an issue with the NVD or with Dependency-Track not having advanced knowledge of this specific CWE identifier.
2023-07-01 08:07:13,360 WARN [NvdParser] CWE CWE-1391 now found in Dependency-Track database. This could signify an issue with the NVD or with Dependency-Track not having advanced knowledge of this specific CWE identifier.

Steps to Reproduce

  1. Examine Dependency Track api-server log for NvdParser WARN entries

Expected Behavior

  1. NVDParser WARN messages should say "not found" rather than "now found"
  2. Dependency-Track is currently using CWE List version 4.6 (cwec_v4.6.xml). Should be v4.12.

Dependency-Track Version

4.8.2

Dependency-Track Distribution

Container Image

Database Server

PostgreSQL

Database Server Version

No response

Browser

Mozilla Firefox

Checklist
@msymons msymons added defect Something isn't working in triage p2 Non-critical bugs, and features that help organizations to identify and reduce risk and removed in triage labels Jul 5, 2023
@msymons msymons added this to the 4.9 milestone Jul 5, 2023
nscuro added a commit to nscuro/dependency-track that referenced this issue Jul 6, 2023
@nscuro
Bump CWE dictionary to v4.12
7ece0d9 
Closes DependencyTrack#2871

Signed-off-by: nscuro <[email protected]>
nscuro added a commit to nscuro/dependency-track that referenced this issue Jul 6, 2023
@nscuro
Fix typo in NvdParser
38ae7a1 
Closes DependencyTrack#2871

Signed-off-by: nscuro <[email protected]>
@nscuro nscuro mentioned this issue Jul 6, 2023
Merged
2 tasks
@github-actions
Copy link
Contributor

github-actions bot commented Aug 6, 2023

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 6, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
defect Something isn't working p2 Non-critical bugs, and features that help organizations to identify and reduce risk
Projects
None yet
Milestone
4.9
Development

Successfully merging a pull request may close this issue.

Bump CWE dictionary to v4.12 nscuro/dependency-track
1 participant
@msymons