I’m using Sonar 7.4 with an external analyser (Bandit) for Python source code analysis, and I want to map the identified issues to the OWASP Top 10 report.
Is there a way to do this from the GUI?
Is it possible to feed the security report (OWASP Top 10) with issues identified by an external analyzer?
For this to work, 2 things are going to have to happen:
1. issues are raised as Hotspots or Vulnerabilities
2. the “standards” (OWASP mappings) are fed for the issues
You can change the type of an individual issue (but not a rule), but you cannot manually feed the standards data into the issues, so changes would be needed in the plugin.
I’m not sure what the code for #2 looks like, but nothing in your code sample jumps out at me as being what’s needed. What’s shown in your screenshots is tags. Standards are a different field.
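For reference, this is what the plugin-side change described above looks like when a rule is declared through the sonar-plugin-api `RulesDefinition` extension point: the rule type is set to Vulnerability and the OWASP/CWE standards are attached to the rule itself, which is a separate field from tags. This is an added example, not code from the thread or from any Bandit plugin; the repository key, the rule key `B608` (Bandit’s hard-coded SQL expression check) and the A1/CWE-89 mapping are assumptions chosen for illustration.

```java
import org.sonar.api.rule.Severity;
import org.sonar.api.rules.RuleType;
import org.sonar.api.server.rule.RulesDefinition;

/**
 * Declares an external-analyser rule so that its issues land in the
 * SonarQube security report. Two things matter here:
 *   1. setType(RuleType.VULNERABILITY): issues are raised as Vulnerabilities
 *      (the report only counts Vulnerabilities and Security Hotspots).
 *   2. addOwaspTop10(...) / addCwe(...): the "standards" field that the
 *      OWASP Top 10 report is built from. Tags do not feed this field.
 * Repository key, rule key and the chosen mapping are assumptions.
 */
public class BanditRulesDefinition implements RulesDefinition {

  // Assumed repository key and language key for the external analyser.
  static final String REPOSITORY_KEY = "bandit";
  static final String LANGUAGE_KEY = "py";

  @Override
  public void define(Context context) {
    NewRepository repo = context
        .createRepository(REPOSITORY_KEY, LANGUAGE_KEY)
        .setName("Bandit");

    // Assumed rule: Bandit B608, string-built SQL statements.
    repo.createRule("B608")
        .setName("Possible SQL injection vector through string-based query construction")
        .setHtmlDescription("<p>SQL statements built by string formatting or "
            + "concatenation may allow injection. Use parameterised queries.</p>")
        .setSeverity(Severity.MAJOR)
        .setType(RuleType.VULNERABILITY)   // requirement #1 from the answer
        .addOwaspTop10(OwaspTop10.A1)      // requirement #2: OWASP 2017 A1 Injection
        .addCwe(89)                        // CWE-89, also shown in the security report
        .setTags("bandit", "sql");         // tags: informational only, not a standard

    repo.done();
  }
}
```

The plugin must also register this class in its `Plugin.define()` and raise issues against the `bandit:B608` rule key for the mapping to appear in the report.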