Fortify Taxonomy via SSC API
I'm looking for a way to map a category to a taxonomy via the SSC REST API. For example, using the Fortify Taxonomy web site I can look up the weakness "Access Control: Database" and check its references to determine how it maps to the different taxonomies like "A5 Broken Access Control" (OWASP Top 10 2017).
Is there a way I can use the SSC API to do this?
I want to display the category and the associated taxonomies something like this...
OWASP -> A5 Broken Access Control
STIG -> APSC-DV-000460 CAT I, APSC-DV-000470 CAT II, APSC-DV-002360 CAT II
CCI -> CCI-000213, CCI-001084, CCI-002165
Thanks for the reply. I'm not sure of the reasoning for this request. It's possible the information will be used in POA&Ms but I'm not involved with that process. I was asked to quantify application vulnerabilities using additional classifications to STIG (i.e. CCI, OWASP, etc.). I think our RMF team may deal more with CCIs so I think this information may be useful to other teams.
I didn't see a direct way to accomplish this in the API. It would have been helpful to have an API to the Fortify Taxonomy information. I had to utilize several API resources to get the value of the "references" element of the "\issueDetails" resource. Then I had to parse the references string to determine how to associate the issue name to the different taxonomies.
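The parsing step described in the last post could look like the sketch below. It is an added example, not the poster's code or Fortify's: the tag layout of the references string (Reference blocks with Title and Source), the taxonomy titles, the short labels and the function names are all assumptions, and the sample string is constructed from the values in the question.

```python
import html
import re

# ASSUMPTION: "references" is a run of <Reference> blocks, each with a <Title>
# and a <Source>. Check this against what your own SSC instance returns.
SAMPLE_REFERENCES = (  # constructed sample using the values from the question
    "<Reference><Title>Standards Mapping - OWASP Top 10 2017</Title>"
    "<Source>A5 Broken Access Control</Source></Reference>"
    "<Reference><Title>Standards Mapping - Security Technical Implementation Guide</Title>"
    "<Source>APSC-DV-000460 CAT I, APSC-DV-000470 CAT II, APSC-DV-002360 CAT II</Source></Reference>"
    "<Reference><Title>Standards Mapping - DISA Control Correlation Identifier</Title>"
    "<Source>CCI-000213, CCI-001084, CCI-002165</Source></Reference>"
    "<Reference><Title>Constructed non-mapping reference</Title>"
    "<Source>Example Publisher</Source></Reference>"
)

PREFIX = "Standards Mapping - "
# Hypothetical short labels, matched as substrings of the taxonomy title.
LABELS = [("OWASP Top 10", "OWASP"),
          ("Security Technical Implementation Guide", "STIG"),
          ("Control Correlation Identifier", "CCI")]

def _field(block, tag):
    """Text of the first <tag> element in one reference block, or ''."""
    m = re.search(rf"<{tag}>(.*?)</{tag}>", block, re.S | re.I)
    return html.unescape(m.group(1)).strip() if m else ""

def parse_references(references):
    """Group standards-mapping values by short taxonomy label, in input order."""
    mapping = {}
    for block in re.findall(r"<Reference>(.*?)</Reference>", references or "", re.S | re.I):
        title = _field(block, "Title")
        if not title.startswith(PREFIX):
            continue  # ordinary bibliography entry, not a taxonomy mapping
        taxonomy = title[len(PREFIX):]
        label = next((short for needle, short in LABELS if needle in taxonomy), taxonomy)
        bucket = mapping.setdefault(label, [])
        for value in _field(block, "Source").split(","):
            if value.strip() and value.strip() not in bucket:
                bucket.append(value.strip())
    return mapping

def format_mapping(mapping):
    """Render one 'LABEL -> v1, v2' line per taxonomy."""
    return "\n".join(f"{label} -> {', '.join(vals)}" for label, vals in mapping.items())

if __name__ == "__main__":
    print(format_mapping(parse_references(SAMPLE_REFERENCES)))
```

Taxonomy titles that match none of the short labels are kept under their full name, so an unexpected mapping is still reported.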