  1. SonarQube
  2. SONAR-12213

Clarify the distribution of vulnerabilities and hotspots in Security Reports

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 7.9
    • Component/s: None
    • Edition:
      Enterprise
    • Production Notes:
      None

      Description

      In the Security Reports, as explained in a tooltip on the categories label:
      "Vulnerabilities and Hotspots may map to multiple categories. For this reason the total number of Vulnerabilities and Security Hotspots in this report might be superior to project metrics."

      Still, the difference between the total number of vulnerabilities/hotspots and the counts displayed in the table can be confusing.

      • First, on portfolio, the main explanation should be fixed:
        Track the Vulnerabilities and Security Hotspots in your project portfolio
      • We should then make it clear that "OWASP Top10" and "SANS Top 25" consist of a filtered view.
        In each tab, we can display an additional explanation.
        Ex:
        Vulnerabilities and Security Hotspots conforming to OWASP Top 10 standard
        Vulnerabilities and Security Hotspots conforming to SANS Top 25 standard
      • In portfolios, the total number of vulnerabilities and hotspots is not really helpful and is more a repetition of what can already be found in the project overview.
        Since it can add confusion, we should simplify the view and rather display:
        • the ratings only at portfolio level
          • Security Vulnerabilities
          • Security Hotspots Review
        • nothing at project level

              People

              Assignee:
              jeremy.davis Jeremy Davis
              Reporter:
              christophe.levis Christophe Levis