feat(compliance): add CWEs verification for sast analysis (#2793)

kaysavps · web-flow · commit 72ae67cc65ea · 2026-03-04T14:39:28.000+01:00
Signed-off-by: Victoria &lt;kaysa.vps@gmail.com&gt;
Signed-off-by: kaysavps &lt;49433866+kaysavps@users.noreply.github.com&gt;
diff --git a/.github/workflows/contracts/chainloop-vault-codeql.yaml b/.github/workflows/contracts/chainloop-vault-codeql.yaml
@@ -17,8 +17,11 @@ spec:
         with:
           check_signature: yes
           check_author_verified: yes
+    materials:
+      - ref: owasp-top10-2025
   policyGroups:
     - ref: slsa-checks
       with:
         runner: GITHUB_ACTION
     - ref: sast
+    - ref: cwes
