From 455545eeaf8608c62e490414a35b1b56dc64631d Mon Sep 17 00:00:00 2001
From: Victoria <kaysa.vps@gmail.com>
Date: Thu, 26 Feb 2026 13:31:12 +0100
Subject: [PATCH] feat(compliance): add CWEs verification for sast analysis

Signed-off-by: Victoria <kaysa.vps@gmail.com>
---
 .github/workflows/contracts/chainloop-vault-codeql.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/contracts/chainloop-vault-codeql.yaml b/.github/workflows/contracts/chainloop-vault-codeql.yaml
index 0dadc0ad7..f002d5119 100644
--- a/.github/workflows/contracts/chainloop-vault-codeql.yaml
+++ b/.github/workflows/contracts/chainloop-vault-codeql.yaml
@@ -19,8 +19,11 @@ spec:
           check_author_verified: yes
         requirements:
           - chainloop-best-practices/commit-signed
+    materials:
+      - ref: owasp-top10-2025
   policyGroups:
     - ref: slsa-checks
       with:
         runner: GITHUB_ACTION
     - ref: sast
+    - ref: cwes