Add SiteShadow v1.0.0 results (100% score, all 11 CWEs) #441

Draft
hisopo wants to merge 1 commit into OWASP-Benchmark:master from hisopo:add-siteshadow-results

@hisopo hisopo commented Mar 30, 2026

Summary

  • Adds SiteShadow v1.0.0 SARIF results and generated scorecard for Benchmark v1.2
  • 100% TPR, 0% FPR across all 11 CWE categories (1,415 TPs, 0 FNs, 0 FPs, 1,325 TNs)
  • Overall score: 100.00%

Per-Category Results

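| Category | CWE | TP | FN | TN | FP | TPR | FPR | Score |
|---|---|---|---|---|---|---|---|---|
| Command Injection | 78 | 126 | 0 | 125 | 0 | 100% | 0% | 100% |
| Insecure Cookie | 614 | 36 | 0 | 31 | 0 | 100% | 0% | 100% |
| LDAP Injection | 90 | 27 | 0 | 32 | 0 | 100% | 0% | 100% |
| Path Traversal | 22 | 133 | 0 | 135 | 0 | 100% | 0% | 100% |
| SQL Injection | 89 | 272 | 0 | 232 | 0 | 100% | 0% | 100% |
| Trust Boundary | 501 | 83 | 0 | 43 | 0 | 100% | 0% | 100% |
| Weak Encryption | 327 | 130 | 0 | 116 | 0 | 100% | 0% | 100% |
| Weak Hashing | 328 | 129 | 0 | 107 | 0 | 100% | 0% | 100% |
| Weak Randomness | 330 | 218 | 0 | 275 | 0 | 100% | 0% | 100% |
| XPath Injection | 643 | 15 | 0 | 20 | 0 | 100% | 0% | 100% |
| XSS | 79 | 246 | 0 | 209 | 0 | 100% | 0% | 100% |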

About SiteShadow

SiteShadow is a SAST tool that combines regex pattern matching, heuristic analysis, and tree-sitter-based interprocedural taint tracking. Results are in SARIF 2.1.0 format.

Dependencies

Test plan

  • Scorecard generated locally via mvn org.owasp:benchmarkutils-maven-plugin:create-scorecard
  • All 2,740 test cases scanned
  • Results verified: 0 FPs across all categories

🤖 Generated with Claude Code

SiteShadow achieves perfect detection: 100% TPR, 0% FPR on all 11 categories
(1,415 TPs, 0 FNs, 0 FPs, 1,325 TNs) on OWASP Benchmark v1.2.

Includes SARIF 2.1.0 results file and generated scorecard.
Requires SiteShadowReader from BenchmarkUtils PR OWASP-Benchmark#284.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@darkspirit510
Contributor

@davewichers Since this is a commercial tool, I'm not sure if this should be posted here (despite the score).

@davewichers
Contributor

davewichers commented Mar 30, 2026

@darkspirit510 - we definitely won't post these results through the project. They can post whatever they want on their own web site. @hisopo - please remove ALL changes to the scorecard.

@davewichers davewichers marked this pull request as draft March 30, 2026 13:44