CWE Checker
Axivion Static Code Analysis provides a Common Weakness Enumeration Checker, a tool that allows you to check your code for many of the security issues listed in the CWE as a preventive measure.
If you have any questions or want to schedule a meeting with one of our experts, let us know.
What is Common Weakness Enumeration?
The Common Weakness Enumeration (CWE) is a collection and categorisation of vulnerabilities in software and hardware. CWE focuses on security vulnerabilities and thus the area of cybersecurity and IT security. So, CWE differs fundamentally from rule sets such as MISRA or AUTOSAR, which focus more on safety aspects. Another difference between CWE and standards such as C Secure Coding (ISO/IEC TS 17961) is that CWE does not specify concrete rules to be followed when implementing a checker. Instead, CWE provides a list of vulnerabilities to avoid in your software projects.
Security Vulnerability Analysis with CWE and Axivion
Axivion Static Code Analysis includes the Common Weakness Enumeration Checker, a tool that allows you to check your code for many of the security issues listed in the CWE as a preventive measure.
The typical problems associated with automotive software security are also an issue for embedded software in other industries such as medical technology, household appliances and agricultural machinery.
By adding Axivion Architecture Verification, you can also analyse your software architecture and thus help identify security vulnerabilities caused by the architecture. Automated checks of coding guidelines such as naming conventions and metrics monitoring also help you keep your software maintainable.
Axivion not only identifies current issues, it also helps you to avoid future security problems and thereby other problems listed in the CWE.
Together with the other rule checkers of the Axivion Suite, you get a comprehensive check of your code regarding problems relevant for maintenance, safety, and security. This allows you to counter their effects directly during development at an early stage.
Benefit from the CWE Checker
- Structured analysis process for existing projects
Axivion’s unique delta mechanism helps you focus on your daily work of producing secure code. In reviews, delta analysis makes it easy to identify deviations from the rules created by sprints, releases, feature branches, etc.
- Workplace and DevOps/CI integration
Axivion’s CWE Checker results integrate with IDEs and CI environments, allowing easy integration into your processes from local checks to full-blown automated checks in your CI environment with the same configuration and results.
- Focus through severity grading and reporting
Severity classification of rules and rule groups allows you to prioritise your work. By means of justifications, deviations from the rules in the work process can be dealt with in a structured and systematic way in order to develop in conformity with standards. Generate reports on the check of your code against the weaknesses listed in the CWE.
See for yourself
Our experts not only offer their advice and give you a demo; they can also run a workshop tailored to your individual development environment, showing you how easy it is to benefit from using Static Code Analysis.