keepnotes-ai/securitygraph_cwe

securitygraph_cwe

Markdown export of the MITRE CWE catalog for graph-oriented tools such as keep and Obsidian.

This repository contains generated Markdown documents for:

  • CWE weaknesses
  • CWE categories
  • CWE views
  • CWE external references

The source of truth is MITRE's published CWE XML catalog. The generator in src/ downloads the upstream files into .cache/ and rebuilds the Markdown corpus from those primary sources.

Source Data

MITRE publishes the CWE schema and catalog at:

  • https://cwe.mitre.org/data/xsd/cwe_schema_latest.xsd
  • https://cwe.mitre.org/data/xml/cwec_latest.xml.zip

The source data is subject to the CWE Terms of Use:

  • https://cwe.mitre.org/about/termsofuse.html

Repository Layout

  • weaknesses/: one Markdown file per CWE weakness
  • categories/: one Markdown file per CWE category
  • views/: one Markdown file per CWE view
  • references/: one Markdown file per external reference
  • src/parse_cwe.py: parser and renderer
  • spec/spec.md: export spec
  • .cache/: ignored download cache for the original MITRE files

Regenerating

Rebuild everything from the original MITRE sources with:

make parse

This will:

  1. Download the latest schema and catalog into .cache/
  2. Regenerate categories/, views/, weaknesses/, and references/

To remove generated output directories:

make clean

Export Conventions

  • Document identity is stored in _id
  • Reference provenance uses _source_uri
  • Cross-document relationships use wikilinks such as [[CWE-20|Improper Input Validation]]
  • Weakness and view bodies are rendered to roughly match the section layout used on the CWE website
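
A post-regeneration integrity check built on these conventions, as an added example that is not part of this repository's code: it reads each document's _id, collects its wikilinks as graph edges, and reports link targets that no document defines. The front-matter layout, the assumption that a wikilink target equals the target document's _id, and the sample documents are all constructed for illustration.

```python
import re

# Constructed sample documents (not copied from the repository). Storing _id in
# a leading "---" front-matter block is an assumption about the export layout.
SAMPLE_DOCS = {
    "weaknesses/CWE-89.md": (
        "---\n_id: CWE-89\n---\n"
        "ChildOf [[CWE-943|Improper Neutralization in Data Query Logic]]\n"
        "See also [[CWE-20|Improper Input Validation]] and [[REF-44]].\n"
    ),
    "weaknesses/CWE-20.md": (
        "---\n_id: CWE-20\n---\n"
        "Member of [[CWE-1000|Research Concepts]]\n"
    ),
    "views/CWE-1000.md": "---\n_id: CWE-1000\n---\nResearch Concepts\n",
}

ID_RE = re.compile(r"^_id:\s*(\S+)\s*$", re.MULTILINE)
# Matches [[target]] and [[target|label]]; the label is optional.
LINK_RE = re.compile(r"\[\[([^\]|]+)(?:\|[^\]]*)?\]\]")


def doc_id(text):
    """Return the _id from the leading front-matter block, or None."""
    if not text.startswith("---\n"):
        return None
    end = text.find("\n---", 3)
    if end == -1:
        return None
    match = ID_RE.search(text[4:end])
    return match.group(1) if match else None


def build_graph(docs):
    """Return (edges, dangling): edges as (source _id, link target) pairs,
    dangling as the sorted targets that no document declares as its _id."""
    ids = {doc_id(text) for text in docs.values()} - {None}
    edges = []
    for text in docs.values():
        src = doc_id(text)
        if src is None:
            continue  # no identity, so the file cannot be a graph node
        edges += [(src, m.group(1).strip()) for m in LINK_RE.finditer(text)]
    dangling = sorted({dst for _, dst in edges if dst not in ids})
    return edges, dangling


if __name__ == "__main__":
    print(build_graph(SAMPLE_DOCS))
```

A non-empty dangling list after make parse points at a relationship whose target file was not generated.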

License

The repository includes MITRE's LICENSE.txt. See that file together with MITRE's published Terms of Use.
