SONARJAVA-5021 Update Rules Metadata (#4801)

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2053.html

@@ -70,5 +70,7 @@ <h3>Standards</h3>
   Exposure</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/759">CWE-759 - Use of a One-Way Hash without a Salt</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/760">CWE-760 - Use of a One-Way Hash with a Predictable Salt</a> </li>
+  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222542">Application Security and
+  Development: V-222542</a> - The application must only store cryptographic representations of passwords. </li>
 </ul>
 

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2053.json

@@ -35,6 +35,9 @@
     ],
     "PCI DSS 4.0": [
       "6.2.4"
+    ],
+    "STIG ASD 2023-06-08": [
+      "V-222542"
     ]
   },
   "quickfix": "unknown"

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2092.html

@@ -38,5 +38,7 @@ <h2>See</h2>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/311">CWE-311 - Missing Encryption of Sensitive Data</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/315">CWE-315 - Cleartext Storage of Sensitive Information in a Cookie</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/614">CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute</a> </li>
+  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222576">Application Security and
+  Development: V-222576</a> - The application must set the secure flag on session cookies. </li>
 </ul>
 

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2092.json

@@ -45,6 +45,9 @@
       "6.1.1",
       "6.1.2",
       "6.1.3"
+    ],
+    "STIG ASD 2023-06-08": [
+      "V-222576"
     ]
   },
   "quickfix": "unknown"

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2184.html

@@ -55,11 +55,14 @@ <h3>Compliant solution</h3>
 }
 </pre>
 <h2>Resources</h2>
+<h3>Standards</h3>
 <ul>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/190">CWE-190 - Integer Overflow or Wraparound</a> </li>
   <li> <a href="https://wiki.sei.cmu.edu/confluence/x/AjdGBQ">CERT, NUM50-J.</a> - Convert integers to floating point for floating-point operations
   </li>
   <li> <a href="https://wiki.sei.cmu.edu/confluence/x/I9cxBQ">CERT, INT18-C.</a> - Evaluate integer expressions in a larger size before comparing or
   assigning to that size </li>
+  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612">Application Security and
+  Development: V-222612</a> - The application must not be vulnerable to overflow attacks. </li>
 </ul>
 

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2184.json

@@ -31,6 +31,9 @@
     ],
     "ASVS 4.0": [
       "5.4.3"
+    ],
+    "STIG ASD 2023-06-08": [
+      "V-222612"
     ]
   },
   "quickfix": "unknown"

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2226.html

@@ -134,7 +134,10 @@ <h2>Resources</h2>
 <h3>Articles &amp; blog posts</h3>
 <ul>
   <li> <a href="https://www.devinline.com/2013/08/how-to-make-thread-safe-servlet.html">Nikhil Ranjan: How to make thread safe servlet ?</a> </li>
-  <li> <a href="https://objectcomputing.com/resources/publications/sett/april-2000-tips-for-creating-thread-safe-code-avoiding-race-conditions">Object
-  Computing: Tips for creating thread-safe code</a> </li>
+</ul>
+<h3>Standards</h3>
+<ul>
+  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567">Application Security and
+  Development: V-222567</a> - The application must not be vulnerable to race conditions. </li>
 </ul>
 

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2226.json

@@ -24,6 +24,9 @@
   "securityStandards": {
     "CERT": [
       "MSC11-J."
+    ],
+    "STIG ASD 2023-06-08": [
+      "V-222567"
     ]
   },
   "quickfix": "unknown"

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2254.html

@@ -49,5 +49,7 @@ <h3>Standards</h3>
   <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication">Top 10 2017 Category A2 - Broken Authentication</a>
   </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/807">CWE-807 - Reliance on Untrusted Inputs in a Security Decision</a> </li>
+  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222582">Application Security and
+  Development: V-222582</a> - The application must not re-use or recycle session IDs. </li>
 </ul>
 

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2254.json

@@ -28,6 +28,9 @@
     ],
     "OWASP Top 10 2021": [
       "A4"
+    ],
+    "STIG ASD 2023-06-08": [
+      "V-222582"
     ]
   },
   "quickfix": "unknown"

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2612.html

@@ -73,5 +73,7 @@ <h2>See</h2>
   Create files with appropriate access permissions </li>
   <li> <a href="https://wiki.sei.cmu.edu/confluence/display/c/FIO06-C.+Create+files+with+appropriate+access+permissions">CERT, FIO06-C.</a> - Create
   files with appropriate access permissions </li>
+  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222430">Application Security and
+  Development: V-222430</a> - The application must execute without excessive account permissions. </li>
 </ul>
 

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2612.json

@@ -44,6 +44,9 @@
     ],
     "ASVS 4.0": [
       "4.3.3"
+    ],
+    "STIG ASD 2023-06-08": [
+      "V-222430"
     ]
   },
   "quickfix": "unknown"

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2647.html

@@ -105,5 +105,7 @@ <h3>Standards</h3>
   <li> <a href="https://cheatsheetseries.owasp.org/cheatsheets/Web_Service_Security_Cheat_Sheet.html#user-authentication">OWASP Web Service Security
   Cheat Sheet</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/522">CWE-522 - Insufficiently Protected Credentials</a> </li>
+  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222533">Application Security and
+  Development: V-222533</a> - The application must authenticate all network connected endpoint devices before establishing any connection. </li>
 </ul>
 

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2647.json

@@ -35,6 +35,9 @@
     ],
     "ASVS 4.0": [
       "2.10.3"
+    ],
+    "STIG ASD 2023-06-08": [
+      "V-222533"
     ]
   },
   "quickfix": "unknown"

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2696.html

@@ -15,4 +15,10 @@ <h3>Noncompliant code example</h3>
   }
 }
 </pre>
+<h2>Resources</h2>
+<h3>Standards</h3>
+<ul>
+  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567">Application Security and
+  Development: V-222567</a> - The application must not be vulnerable to race conditions. </li>
+</ul>
 

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2696.json

@@ -19,5 +19,10 @@
   "ruleSpecification": "RSPEC-2696",
   "sqKey": "S2696",
   "scope": "Main",
+  "securityStandards": {
+    "STIG ASD 2023-06-08": [
+      "V-222567"
+    ]
+  },
   "quickfix": "unknown"
 }

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2755.html

@@ -150,5 +150,7 @@ <h3>Standards</h3>
   Entities (XXE)</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/611">CWE-611 - Information Exposure Through XML External Entity Reference</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/827">CWE-827 - Improper Control of Document Type Definition</a> </li>
+  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222608">Application Security and
+  Development: V-222608</a> - The application must not be vulnerable to XML-oriented attacks. </li>
 </ul>
 

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2755.json

@@ -39,6 +39,9 @@
     ],
     "ASVS 4.0": [
       "5.5.2"
+    ],
+    "STIG ASD 2023-06-08": [
+      "V-222608"
     ]
   },
   "quickfix": "infeasible"

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2885.html

@@ -41,4 +41,9 @@ <h3>Articles &amp; blog posts</h3>
   <li> <a href="https://www.baeldung.com/java-thread-safety">Baeldung - Thread safety</a> </li>
   <li> <a href="https://www.baeldung.com/java-static">Baeldung - Static</a> </li>
 </ul>
+<h3>Standards</h3>
+<ul>
+  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567">Application Security and
+  Development: V-222567</a> - The application must not be vulnerable to race conditions. </li>
+</ul>
 

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2885.json

@@ -19,5 +19,10 @@
   "ruleSpecification": "RSPEC-2885",
   "sqKey": "S2885",
   "scope": "Main",
+  "securityStandards": {
+    "STIG ASD 2023-06-08": [
+      "V-222567"
+    ]
+  },
   "quickfix": "unknown"
 }

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2886.html

@@ -68,13 +68,15 @@ <h3>Documentation</h3>
   <li> <a href="https://docs.oracle.com/javase/tutorial/essential/concurrency/syncmeth.html">Oracle Java - Synchronized Methods</a> </li>
   <li> <a href="https://docs.oracle.com/javase/specs/jls/se20/html/jls-8.html#jls-8.4.3.6">Oracle SE 20 - Synchronized Methods</a> </li>
 </ul>
-<h3>Standards</h3>
-<ul>
-  <li> <a href="https://wiki.sei.cmu.edu/confluence/x/4jdGBQ">CERT, VNA01-J.</a> - Ensure visibility of shared references to immutable objects </li>
-</ul>
 <h3>Articles &amp; blog posts</h3>
 <ul>
   <li> <a href="https://web.mit.edu/6.005/www/fa14/classes/18-thread-safety/">MIT - Thread safety</a> </li>
   <li> <a href="https://www.baeldung.com/java-thread-safety">Baeldung - Thread safety</a> </li>
 </ul>
+<h3>Standards</h3>
+<ul>
+  <li> <a href="https://wiki.sei.cmu.edu/confluence/x/4jdGBQ">CERT, VNA01-J.</a> - Ensure visibility of shared references to immutable objects </li>
+  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567">Application Security and
+  Development: V-222567</a> - The application must not be vulnerable to race conditions. </li>
+</ul>
 

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2886.json

@@ -23,6 +23,9 @@
   "securityStandards": {
     "CERT": [
       "VNA01-J."
+    ],
+    "STIG ASD 2023-06-08": [
+      "V-222567"
     ]
   },
   "quickfix": "unknown"

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S3330.html

@@ -39,5 +39,7 @@ <h2>See</h2>
   (XSS)</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/1004">CWE-1004 - Sensitive Cookie Without 'HttpOnly' Flag</a> </li>
   <li> Derived from FindSecBugs rule <a href="https://find-sec-bugs.github.io/bugs.htm#HTTPONLY_COOKIE">HTTPONLY_COOKIE</a> </li>
+  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222575">Application Security and
+  Development: V-222575</a> - The application must set the HTTPOnly flag on session cookies. </li>
 </ul>
 

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S3330.json

@@ -38,6 +38,9 @@
     ],
     "ASVS 4.0": [
       "3.4.2"
+    ],
+    "STIG ASD 2023-06-08": [
+      "V-222575"
     ]
   },
   "quickfix": "unknown"

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S3518.html

@@ -44,16 +44,15 @@ <h2>Resources</h2>
 <h3>Documentation</h3>
 <ul>
   <li> <a href="https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/lang/ArithmeticException.html">ArithmeticException</a> </li>
+  <li> <a href="https://docs.oracle.com/javase/specs/jls/se17/html/jls-15.html#jls-15.17.2">The Division Operator in the JLS</a> </li>
+  <li> <a href="https://docs.oracle.com/javase/specs/jls/se17/html/jls-15.html#jls-15.17.3">The Remainder Operator in the JLS</a> </li>
 </ul>
-<h3>Articles &amp; blog posts</h3>
+<h3>Standards</h3>
 <ul>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/369">CWE-369 - Divide by zero</a> </li>
   <li> <a href="https://wiki.sei.cmu.edu/confluence/x/CTZGBQ">CERT, NUM02-J.</a> - Ensure that division and remainder operations do not result in
   divide-by-zero errors </li>
-</ul>
-<h3>Standards</h3>
-<ul>
-  <li> <a href="https://docs.oracle.com/javase/specs/jls/se17/html/jls-15.html#jls-15.17.2">The Division Operator in the JLS</a> </li>
-  <li> <a href="https://docs.oracle.com/javase/specs/jls/se17/html/jls-15.html#jls-15.17.3">The Remainder Operator in the JLS</a> </li>
+  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222612">Application Security and
+  Development: V-222612</a> - The application must not be vulnerable to overflow attacks. </li>
 </ul>
 

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S3518.json

@@ -29,6 +29,9 @@
     ],
     "CWE": [
       369
+    ],
+    "STIG ASD 2023-06-08": [
+      "V-222612"
     ]
   },
   "quickfix": "infeasible"

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S4502.html

@@ -57,5 +57,7 @@ <h2>See</h2>
   <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration">Top 10 2017 Category A6 - Security
   Misconfiguration</a> </li>
   <li> <a href="https://owasp.org/www-community/attacks/csrf">OWASP: Cross-Site Request Forgery</a> </li>
+  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222603">Application Security and
+  Development: V-222603</a> - The application must protect from Cross-Site Request Forgery (CSRF) vulnerabilities. </li>
 </ul>
 

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S4502.json

@@ -39,6 +39,9 @@
     "ASVS 4.0": [
       "13.2.3",
       "4.2.2"
+    ],
+    "STIG ASD 2023-06-08": [
+      "V-222603"
     ]
   },
   "quickfix": "unknown"

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S4830.html

@@ -70,6 +70,8 @@ <h3>Standards</h3>
   <li> OWASP - <a href="https://mobile-security.gitbook.io/masvs/security-requirements/0x10-v5-network_communication_requirements">Mobile AppSec
   Verification Standard - Network Communication Requirements</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/295">CWE-295 - Improper Certificate Validation</a> </li>
+  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222550">Application Security and
+  Development: V-222550</a> - The application must validate certificates by constructing a certification path to an accepted trust anchor. </li>
   <li> <a
   href="https://wiki.sei.cmu.edu/confluence/display/java/MSC61-J.+Do+not+use+insecure+or+weak+cryptographic+algorithms">https://wiki.sei.cmu.edu/confluence/display/java/MSC61-J.+Do+not+use+insecure+or+weak+cryptographic+algorithms</a> </li>
 </ul>

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S4830.json

@@ -56,6 +56,9 @@
     "ASVS 4.0": [
       "1.9.2",
       "9.2.1"
+    ],
+    "STIG ASD 2023-06-08": [
+      "V-222550"
     ]
   },
   "quickfix": "unknown"

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S5332.html

@@ -119,21 +119,51 @@ <h2>Exceptions</h2>
   <li> Insecure protocol scheme followed by loopback addresses like 127.0.0.1 or <code>localhost</code>. </li>
 </ul>
 <h2>See</h2>
+<h3>Documentation</h3>
 <ul>
+  <li> AWS Documentation - <a href="https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html">Listeners for
+  your Application Load Balancers</a> </li>
+  <li> AWS Documentation - <a
+  href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kinesis-stream-streamencryption.html">Stream Encryption</a>
+  </li>
+</ul>
+<h3>Articles &amp; blog posts</h3>
+<ul>
+  <li> Google - <a href="https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html">Moving towards more secure web</a> </li>
+  <li> Mozilla - <a href="https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/">Deprecating non secure http</a> </li>
+</ul>
+<h3>Standards</h3>
+<ul>
+  <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure">Top 10 2017 Category A3 - Sensitive Data
+  Exposure</a> </li>
   <li> OWASP - <a href="https://owasp.org/Top10/A02_2021-Cryptographic_Failures/">Top 10 2021 Category A2 - Cryptographic Failures</a> </li>
-  <li> OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure">Top 10 2017 Category A3 - Sensitive Data Exposure
-  </a> </li>
   <li> OWASP - <a href="https://mobile-security.gitbook.io/masvs/security-requirements/0x10-v5-network_communication_requirements">Mobile AppSec
   Verification Standard - Network Communication Requirements</a> </li>
   <li> OWASP - <a href="https://owasp.org/www-project-mobile-top-10/2016-risks/m3-insecure-communication">Mobile Top 10 2016 Category M3 - Insecure
   Communication</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/200">CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor</a> </li>
   <li> CWE - <a href="https://cwe.mitre.org/data/definitions/319">CWE-319 - Cleartext Transmission of Sensitive Information</a> </li>
-  <li> <a href="https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html">Google, Moving towards more secure web</a> </li>
-  <li> <a href="https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/">Mozilla, Deprecating non secure http</a> </li>
-  <li> <a href="https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html">AWS Documentation</a> - Listeners
-  for your Application Load Balancers </li>
-  <li> <a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kinesis-stream-streamencryption.html">AWS
-  Documentation</a> - Stream Encryption </li>
+  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222397">Application Security and
+  Development: V-222397</a> - The application must implement cryptographic mechanisms to protect the integrity of remote access sessions. </li>
+  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222534">Application Security and
+  Development: V-222534</a> - Service-Oriented Applications handling non-releasable data must authenticate endpoint devices via mutual SSL/TLS. </li>
+  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222562">Application Security and
+  Development: V-222562</a> - Applications used for non-local maintenance must implement cryptographic mechanisms to protect the integrity of
+  maintenance and diagnostic communications. </li>
+  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222563">Application Security and
+  Development: V-222563</a> - Applications used for non-local maintenance must implement cryptographic mechanisms to protect the confidentiality of
+  maintenance and diagnostic communications. </li>
+  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222577">Application Security and
+  Development: V-222577</a> - The application must not expose session IDs. </li>
+  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222596">Application Security and
+  Development: V-222596</a> - The application must protect the confidentiality and integrity of transmitted information. </li>
+  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222597">Application Security and
+  Development: V-222597</a> - The application must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect
+  changes to information during transmission. </li>
+  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222598">Application Security and
+  Development: V-222598</a> - The application must maintain the confidentiality and integrity of information during preparation for transmission.
+  </li>
+  <li> STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222599">Application Security and
+  Development: V-222599</a> - The application must maintain the confidentiality and integrity of information during reception. </li>
 </ul>
 

sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S5332.json

@@ -44,6 +44,17 @@
       "1.9.1",
       "9.1.1",
       "9.2.2"
+    ],
+    "STIG ASD 2023-06-08": [
+      "V-222397",
+      "V-222534",
+      "V-222562",
+      "V-222563",
+      "V-222577",
+      "V-222596",
+      "V-222597",
+      "V-222598",
+      "V-222599"
     ]
   },
   "quickfix": "unknown"