When calling the API to get issues with type is VULNERABILITY of a project. We don’t see CWE-Number (Ex: CWE-564) from the JSON result file although it has CWE tags. Are there any way to get CWE-number of an issue with type is VULNERABILITY?
If we don’t support it. Could we have a plant so implement this feature?
We don’t effectively display the CWE number in the issue, cause a rule can have multiple ones on it.
We suggest you to make an extra call with the rule key to get the rule info (api route /api/rules/show?key=xxx) and then parse the description to get the proper CWE numbers.
If we have mutiple CWE number in the issues, we can return a list of them on JSON file. I saw some other tools like WhiteHat or Checkmarx, they also return list of CWE-number.
I believe this very useful when we return a list of CWE number. Besides, other system will import Sonarqube data to their system through REST API and CWE number is what they want.