  1. SonarQube
  2. SONAR-16123

Display OWASP Top 10 2021 in Security Report

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 9.4
    • Component/s: None
    • Labels:
      None
    • Edition:
      Enterprise
    • Production Notes:
      None

      Description

      We want to display the new OWASP Top 10 2021 data in the Security Report.

      UI updates

      Add a combobox to select the OWASP Top 10 edition on the Security Reports page. The combobox should work in a similar way to the one on the CWE Top 25 tab. The OWASP editions in the combobox should be sorted by year, in descending order. Select the latest as the default (2021 in this case).
       

      WS updates

      Add a new optional "version" (String) field for each category in the api/security_reports/show payload. This will allow the frontend to group categories by version, in this case OWASP Top 10 2021.

      For OWASP, use the year as the version (example: "version": "2017").

      Example payload:

      {
        "categories": [
          {
            "version": "2021",
            "category": "A1",
            "vulnerabilities": 3,
            "vulnerabilityRating": 5,
            "toReviewSecurityHotspots": 10,
            "reviewedSecurityHotspots": 0,
            "securityReviewRating": 5,
            "distribution": [
              {
                "cwe": "20",
                "vulnerabilities": 3,
                "vulnerabilityRating": 5,
                "toReviewSecurityHotspots": 0,
                "reviewedSecurityHotspots": 0,
                "securityReviewRating": 1,
                "activeRules": 40,
                "totalRules": 41,
                "hasMoreRules": false
              },
              // cut
            ],
            "activeRules": 44,
            "totalRules": 44,
            "hasMoreRules": false
          }
        ]
      }
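
One way a client could consume the optional "version" field to build the edition selector described above. This is an added example, not code from the ticket or from SonarQube; the function names, the `UNVERSIONED` bucket for categories that lack "version", and the sample values are assumptions made for illustration.

```javascript
// Added illustration, not SonarQube source code.
// Constructed sample response for api/security_reports/show (values are made up).
const sampleResponse = {
  categories: [
    { version: "2017", category: "A1", vulnerabilities: 1 },
    { version: "2021", category: "A1", vulnerabilities: 3 },
    { version: "2021", category: "A3", vulnerabilities: 0 },
    { category: "unknown", vulnerabilities: 2 }, // "version" is optional
  ],
};

// Assumption: categories without "version" are kept under this key
// and are never offered as an edition in the combobox.
const UNVERSIONED = "unversioned";

// Group categories by their optional "version" field.
function groupByVersion(response) {
  const groups = new Map();
  for (const cat of response.categories ?? []) {
    const hasVersion = typeof cat.version === "string" && cat.version !== "";
    const key = hasVersion ? cat.version : UNVERSIONED;
    if (!groups.has(key)) groups.set(key, []);
    groups.get(key).push(cat);
  }
  return groups;
}

// Editions for the combobox: year strings sorted in descending order.
function listEditions(groups) {
  return [...groups.keys()]
    .filter((v) => v !== UNVERSIONED)
    .sort((a, b) => Number(b) - Number(a));
}

// Default selection is the latest edition, or null when nothing is versioned.
function defaultEdition(groups) {
  const editions = listEditions(groups);
  return editions.length > 0 ? editions[0] : null;
}

const groups = groupByVersion(sampleResponse);
console.log(listEditions(groups), defaultEdition(groups));
```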

              People

              Assignee:
              mathieu.suen Mathieu Suen
              Reporter:
              lukasz.jarocki Łukasz Jarocki
              Votes:
              0
              Watchers:
              2
