How to update the new rules in OWASP TOP 10 2021?

Hi, I have the following question: When will the new OWASP Top 10 2021 rules in SonarCloud be updated? The OWASP documentation lists the new rules in the latest release: OWASP Top 10:2021


I have the same question.

Maybe a tip: the CWE can be used as a reference.

Best Regards

Hello,

I think it’s important to clarify that the various OWASP Top 10 20xx hopefully don’t list new rules each year. The OWASP Top 10 report is a snapshot of the mistakes commonly made by developers in the past, grouped together into categories so it’s more convenient. Because behaviors take time to adjust, you will always find the same culprits in the various OWASP Top 10 versions (Injections, XSS, Misconfigurations, …), just grouped differently.
In itself, SonarCloud's security engines already allow you to detect these mistakes and should contribute to making SQL Injections, for example, a less common vulnerability in the industry.

That said, can you confirm that what you would expect to see in SonarCloud is a way to filter by OWASP Top 10 2021 in the Security Category section of the Issues page, like this:

image

Thanks
Alex
