Recipe: Code finding → CWE mapper
Map static analysis findings to CWE identifiers for compliance and triage.
Overview
This recipe takes raw code findings from Meridian scans and enriches them with CWE mappings. Each finding is matched against a rule table that maps pattern signatures to CWE-IDs, producing a structured JSON report suitable for GRC pipelines.
Input
- Meridian scan results (JSON)
- CWE mapping ruleset (YAML)
- Optional: severity override config
Steps
- Parse scan output and extract finding signatures.
- Load the CWE ruleset and compile pattern matchers.
- For each finding, run the compiled matchers against its signature; assign the CWE-ID and confidence score of the matching rule. A finding that matches no rule should still be emitted (with no CWE and zero confidence) rather than silently dropped, so the report stays complete for triage.
- Merge severity overrides if supplied; keep the scanner's original severity alongside the overridden value so the change is auditable.
- Emit enriched JSON to stdout or output file.
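The five steps above as one runnable script. This is an added example, not the recipe's own implementation: the Meridian scan layout (a top-level "findings" list with id, signature and severity), the ruleset layout (cwe, pattern, confidence per entry), the override config (per-finding entries taking precedence over per-CWE entries) and all sample data are constructed assumptions. The ruleset is written inline in the dict form that yaml.safe_load() would return for the YAML file.

```python
"""Enrich scanner findings with CWE IDs from a pattern ruleset.

Added example. The input layouts and the sample data below are assumptions
(hypothetical), not the project's documented schema.
"""
import json
import re

# Reject malformed identifiers in the ruleset up front (e.g. "CWE79", "cwe-79").
CWE_ID = re.compile(r"^CWE-\d{1,5}$")

# Constructed ruleset, in the shape yaml.safe_load() returns for entries like:
#   - cwe: CWE-79
#     pattern: 'sink=(innerHTML|document\.write)'
#     confidence: 0.94
RULESET = [
    {"cwe": "CWE-79", "pattern": r"sink=(innerHTML|document\.write)", "confidence": 0.94},
    {"cwe": "CWE-89", "pattern": r"sink=(execute|cursor\.execute).*taint=(request|argv)", "confidence": 0.91},
    {"cwe": "CWE-22", "pattern": r"sink=open\(.*taint=request", "confidence": 0.80},
    {"cwe": "CWE-798", "pattern": r"kind=hardcoded_secret", "confidence": 0.70},
]

# Constructed scan output (assumed layout).
SCAN_RESULTS = {
    "findings": [
        {"id": "F-001", "signature": "sink=innerHTML taint=location.hash", "severity": "high"},
        {"id": "F-002", "signature": "sink=cursor.execute taint=request.args", "severity": "critical"},
        {"id": "F-003", "signature": "kind=hardcoded_secret file=config.py", "severity": "medium"},
        {"id": "F-004", "signature": "kind=unused_import file=util.py", "severity": "info"},
    ]
}

# Constructed override config (assumed layout): per-finding wins over per-CWE.
OVERRIDES = {"by_cwe": {"CWE-798": "high"}, "by_id": {"F-002": "high"}}


def compile_rules(rules):
    """Validate and compile the ruleset once; fail loudly on a bad entry."""
    compiled = []
    for i, rule in enumerate(rules):
        cwe = rule.get("cwe", "")
        if not CWE_ID.match(cwe):
            raise ValueError(f"rule {i}: malformed CWE id {cwe!r}")
        conf = float(rule.get("confidence", 0.5))
        if not 0.0 <= conf <= 1.0:
            raise ValueError(f"rule {i}: confidence {conf} outside [0, 1]")
        try:
            pat = re.compile(rule["pattern"])
        except re.error as exc:
            raise ValueError(f"rule {i}: bad pattern: {exc}") from exc
        compiled.append((pat, cwe, conf))
    return compiled


def classify(signature, compiled):
    """Return (cwe, confidence) of the highest-confidence matching rule, else (None, 0.0)."""
    best = (None, 0.0)
    for pat, cwe, conf in compiled:
        if pat.search(signature) and conf > best[1]:
            best = (cwe, conf)
    return best


def apply_overrides(finding_id, cwe, severity, overrides):
    """Per-finding override first, then per-CWE, else the scanner's own severity."""
    if not overrides:
        return severity
    if finding_id in overrides.get("by_id", {}):
        return overrides["by_id"][finding_id]
    if cwe in overrides.get("by_cwe", {}):
        return overrides["by_cwe"][cwe]
    return severity


def enrich(scan, rules, overrides=None):
    """Produce the report in the recipe's output schema; unmatched findings are kept."""
    compiled = compile_rules(rules)
    out = []
    for f in scan.get("findings", []):
        cwe, conf = classify(f.get("signature", ""), compiled)
        original = f.get("severity", "unknown")
        severity = apply_overrides(f["id"], cwe, original, overrides)
        rec = {"id": f["id"], "cwe": cwe, "confidence": round(conf, 2), "severity": severity}
        if severity != original:
            rec["scanner_severity"] = original  # audit trail for the override
        out.append(rec)
    return {"findings": out}


if __name__ == "__main__":
    # sort_keys gives byte-stable output, which keeps GRC-side diffs meaningful.
    print(json.dumps(enrich(SCAN_RESULTS, RULESET, OVERRIDES), indent=2, sort_keys=True))
```

Two points worth keeping when adapting this: the ruleset is trusted configuration, so load it with yaml.safe_load and treat a pattern that fails to compile as a hard error rather than skipping it, and remember that Python's re has no match timeout, so a carelessly written rule (nested quantifiers over a long signature) can stall the whole run.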
Output schema
{
  "findings": [
    {
      "id": "F-001",
      "cwe": "CWE-79",
      "confidence": 0.94,
      "severity": "high"
    }
  ]
}