Mapping issues with OWASP Top 10

Hi,

I’m using Sonar 7.4 with an external analyser (Banditp) for python source code analysis, and I want to map the identified issues to the OWASP Top 10 report.

Is there a way to do this from the GUI?

Is it possible to feed the security report (OWASP Top 10) with issues identified by an external analyzer?

Thanks for your help,

Hi,

For this to work, 2 things are going to have to happen:

  1. issues are raised as Hotspots or Vulnerabilities
  2. the “standards” (OWASP mappings) are fed for the issues

You can change the type of an individual issue (but not a rule), but you cannot manually feed the standards data into the issues, so changes would be needed in the plugin.

Ann
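As an added illustration of the two conditions above (not code from either poster, and not SonarSource's own sample), here is what a custom plugin's rule definition looks like when it satisfies both: the rule is typed as a Vulnerability, and the OWASP Top 10 mapping is set through the dedicated standards API rather than through tags. It uses the `addOwaspTop10` and `addCwe` methods available on `RulesDefinition.NewRule` since SonarQube 7.3; the repository key, rule key, rule name and CWE number are placeholders chosen for this example.

```java
import org.sonar.api.rule.RuleStatus;
import org.sonar.api.rule.Severity;
import org.sonar.api.rules.RuleType;
import org.sonar.api.server.rule.RulesDefinition;

// Example only: a RulesDefinition extension point whose single rule carries
// both the Vulnerability type and the OWASP Top 10 standard, which is what
// the OWASP Top 10 security report needs to count an issue.
public class ExamplePythonRulesDefinition implements RulesDefinition {

  // Placeholder keys for this example; a real plugin picks its own.
  static final String REPOSITORY_KEY = "example-python-security";
  static final String RULE_KEY = "sql-injection";

  @Override
  public void define(Context context) {
    // "py" is the language key SonarQube uses for Python.
    NewRepository repo = context.createRepository(REPOSITORY_KEY, "py")
        .setName("Example Python security rules");

    NewRule rule = repo.createRule(RULE_KEY)
        .setName("SQL queries should not be built from user input")
        .setHtmlDescription("<p>Use parameterized queries instead of string concatenation.</p>")
        .setSeverity(Severity.CRITICAL)
        .setStatus(RuleStatus.READY)
        // Condition 1: the issue must be a Vulnerability (or a Hotspot).
        // A Bug or Code Smell never appears in the OWASP report.
        .setType(RuleType.VULNERABILITY);

    // Condition 2: the OWASP standard is a separate field from tags.
    // A tag such as "owasp-a1" on its own leaves the issue listed as
    // "not OWASP" in the report; only the standards data is used.
    rule.addOwaspTop10(RulesDefinition.OwaspTop10.A1);
    // CWE 89 (SQL injection) is an illustrative value for this example.
    rule.addCwe(89);
    // Tags are still useful for searching, but they are not the mapping.
    rule.setTags("sql", "injection");

    repo.done();
  }
}
```

The class is registered in the plugin's `Plugin.define` with `context.addExtension(ExamplePythonRulesDefinition.class)` (as for any extension point); once the server has loaded it, issues raised against `example-python-security:sql-injection` are grouped under A1 in the OWASP Top 10 report.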

Thanks for your reply and the useful information.

Hi again,

I’ve created a test rule using a custom plugin, but I can’t get my issue in the OWASP Top 10 security report.

My rule is listed as a vulnerability (see SQL Injection)

But it appears as “not OWASP Vulnerability” in the OWASP Top 10 report.

Below are details about this rule:

Source code to create the rule:

(screenshot not included in this copy of the thread)

Thanks for your help.

Hi,

I’m not sure what the code for #2 looks like, but nothing in your code sample jumps out at me as being what’s needed. What’s shown in your screenshots is tags. Standards are a different field.

Ann

It’s OK, I was using an outdated version of the Sonar API. I’ve mapped the created issue to the OWASP Top 10 report using this method:

(screenshot not included in this copy of the thread)

Again, thanks for your help!