A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.
Executable with Node.js tooling
If you have a Node.js environment, you can invoke
cwe-tool using the npx tool as follows:
npx cwe-tool [...command-line options...]
TBD (❌ PRs welcome)
The CWE Tool output is JSON to allow processing of the data or later investigations.
Command-line options blueprint:
||Get a CWE data by its ID.||✅|
||✅ PRs welcome|
||When specified along with
||String search returns all the matching CWEs titles||✅|
||Returns all the CWE IDs along with their CWE Category membership relations||❌ PRs welcome|
Get CWE By ID
npx cwe-tool --id 22
Filter for CWE IDs that satisfy a parent relationship
The following command filters all CWE IDs based on whether they satisfy any direct or indirect relationship across the tree to a given parent ID.
npx cwe-tool --id 22 --parent-id 167 --indirect
The output is the following JSON:
Please consult CONTRIBUTING for guidelines on contributing to this project.