Hello everyone,
We are excited to share that we’ve expanded the coverage of our Security Reports in SonarQube Cloud Enterprise!
As the threat landscape evolves, especially with the rapid adoption of AI and mobile technologies, staying compliant means moving beyond traditional web vulnerabilities. To help you stay ahead, we have integrated five major new security standards into both Project and Portfolio level security reports for our Enterprise users.
What’s new?
- OWASP Top 10 2025: Keep up with the most recent shift in critical web risks, including the latest guidance on software supply chain integrity and broken access control.
- OWASP Top 10 for LLM (New!): Specifically designed for the AI era. This report surfaces risks unique to Large Language Models, such as prompt injection and insecure output handling.
- OWASP MASVS (New!): The Mobile Application Security Verification Standard. A dedicated view for mobile developers to ensure their iOS and Android apps meet industry-standard security requirements.
- OWASP ASVS 5.0: The latest iteration of the Application Security Verification Standard, providing a technical framework for rigorous security testing and verification.
- STIG ASD_V6: Updated support for the DISA Application Security and Development STIG, essential for organizations requiring high-level compliance for government and defense-related projects.
Where to find it
Navigate to your Project or Portfolio, select the Security Reports tab, and use the standard left-hand selection to browse the security standards, or download them as a PDF report.
We are constantly refining our security engines to match these evolving standards. We’d love to know: which of these new standards is most critical for your team this year? Let us know in the comments!
-Simone
P.S.: Want to chat about your security management needs? Feel free to book a call with me (a Product Manager) to share more about your use cases: Calendar Booking Link