Hello,
I found your project(s) on github and want to thank you for your open-source work. I came across Dogesec repo because I am researching what it would take to build a KB for DAST scan output. The goal of the KB is to make it easier for dev teams to perform triage on alerts, gather metrics, and steer sec pipeline development. I was thinking about how I could enrich alert results by correlating DAST alerts which include CWE with other MITRE projects. Does this approach make sense? I would appreciate your thoughts because you have made so many tools for TI, I’m hoping to bring that sort of information into DevSecOps vuln management.
I’m using ZAP if that makes a difference… ZAP – ZAP Alert Details
Thank you for your time,
-James