Skip to content

Add Seqra SARIF reader support#266

Open
seqradev wants to merge 1 commit intoOWASP-Benchmark:mainfrom
seqradev:seqradev/support-seqra
Open

Add Seqra SARIF reader support#266
seqradev wants to merge 1 commit intoOWASP-Benchmark:mainfrom
seqradev:seqradev/support-seqra

Conversation

@seqradev
Copy link

@seqradev seqradev commented Feb 6, 2026

  • Add SeqraReader, a new SARIF-based parser for the Seqra static analysis tool
  • Include CWE mapping override for the cookie-issecure-false rule, which reports CWE-319 but should map to CWE-614 (Insecure Cookie) for Benchmark scoring
  • Register the reader in Reader.java alongside existing parsers

@seqradev
Add Seqra SARIF reader support
b7932c5 
Add support for Seqra security static analysis tool:
- SeqraReader.java: SARIF reader using CweSourceType.TAG
- SeqraReaderTest.java: Unit tests for the reader
- Benchmark_Seqra.sarif: Test data file
- Register reader in Reader.java
@seqradev seqradev mentioned this pull request Feb 6, 2026
Open
@davewichers
Copy link
Contributor

davewichers commented Feb 6, 2026

@darkspirit510 - Can you review all this and the change to BencharkJava too. This tool's repo is apparently at: https://github.com/seqra/seqra-jvm and there is a wiki article about it here: https://deepwiki.com/seqra/seqra-jvm-sast.

@seqradev
Copy link
Author

seqradev commented Feb 6, 2026

Hi @davewichers,
The main repository for the tool is https://github.com/seqra/seqra, and the corresponding wiki article is https://deepwiki.com/seqra/seqra. We also have a website at https://seqra.dev.

If you have any questions, feel free to ask. Thanks for the quick response!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@seqradev @davewichers