rspec/rspec-tools/rspec_template/single_language/secrets/metadata.json

{
  "title": "SECRET_TYPE should not be disclosed",
  "type": "VULNERABILITY",
  "code": {
    "impacts": {
      "SECURITY": "BLOCKER"
    },
    "attribute": "TRUSTWORTHY"
  },
  "status": "beta",
  "remediation": {
    "func": "Constant\/Issue",
    "constantCost": "30min"
  },
  "tags": [
    "cwe",
    "cert"
  ],
  "defaultSeverity": "Blocker",
  "ruleSpecification": "RSPEC-${RSPEC_ID}",
  "sqKey": "S${RSPEC_ID}",
  "scope": "All",
  "securityStandards": {
    "CWE": [
      798,
      259
    ],
    "OWASP": [
      "A3"
    ],
    "CERT": [
      "MSC03-J."
    ],
    "OWASP Top 10 2021": [
      "A7"
    ],
    "PCI DSS 3.2": [
      "6.5.10"
    ],
    "PCI DSS 4.0": [
      "6.2.4"
    ],
    "ASVS 4.0": [
      "2.10.4",
      "3.5.2",
      "6.4.1"
    ],
    "STIG ASD_V5R3": [
      "V-222642"
    ]
  },
  "defaultQualityProfiles": [
    "Sonar way"
  ],
  "quickfix": "unknown"
}
Create specialized single-language rules (#3996) 2024-06-26 09:52:29 +01:00			`{`
			`"title": "SECRET_TYPE should not be disclosed",`
			`"type": "VULNERABILITY",`
			`"code": {`
			`"impacts": {`
Fix Secrets template rule 2025-02-14 15:15:35 +01:00			`"SECURITY": "BLOCKER"`
Create specialized single-language rules (#3996) 2024-06-26 09:52:29 +01:00			`},`
			`"attribute": "TRUSTWORTHY"`
			`},`
SONARTEXT-328 Improve generic secret template (#4714) * Revise the secret rspec template * Set status=beta for new secrets * Revert back to old values for example_{secret,name,env} vars 2025-03-03 11:25:53 +01:00			`"status": "beta",`
Create specialized single-language rules (#3996) 2024-06-26 09:52:29 +01:00			`"remediation": {`
			`"func": "Constant\/Issue",`
			`"constantCost": "30min"`
			`},`
			`"tags": [`
			`"cwe",`
			`"cert"`
			`],`
			`"defaultSeverity": "Blocker",`
			`"ruleSpecification": "RSPEC-${RSPEC_ID}",`
			`"sqKey": "S${RSPEC_ID}",`
			`"scope": "All",`
			`"securityStandards": {`
			`"CWE": [`
			`798,`
			`259`
			`],`
			`"OWASP": [`
			`"A3"`
			`],`
			`"CERT": [`
			`"MSC03-J."`
			`],`
			`"OWASP Top 10 2021": [`
			`"A7"`
			`],`
			`"PCI DSS 3.2": [`
			`"6.5.10"`
			`],`
			`"PCI DSS 4.0": [`
			`"6.2.4"`
			`],`
			`"ASVS 4.0": [`
			`"2.10.4",`
			`"3.5.2",`
			`"6.4.1"`
			`],`
Modify rules: Rename STIG version in metadata (#4098) The Security Technical Implementation Guide security standard is being renamed from its release date (`2023-06-08`) to its official version and revision number (`V5R3`). This helps to align with the version number being used internally for reporting purposes. 2024-07-30 15:10:03 +01:00			`"STIG ASD_V5R3": [`
Create specialized single-language rules (#3996) 2024-06-26 09:52:29 +01:00			`"V-222642"`
			`]`
			`},`
			`"defaultQualityProfiles": [`
			`"Sonar way"`
			`],`
			`"quickfix": "unknown"`
			`}`