Hello,
We are pleased to announce the addition of DISA Application Security and Development (ASD) STIG and Cloud Application Security Assessment (CASA) security reports to the SonarCloud Enterprise plan. They will also be coming soon to SonarQube in the Enterprise and Data Center editions.
With CASA’s risk-based framework aligned to OWASP ASVS standards, you can strengthen your app security posture, especially for those handling sensitive data:
The ASD STIG is used to improve the security of Department of Defense (DoD) information systems:
We intend to add downloadable PDFs for security reports in SonarCloud in the future.
As ever, please let us know if you have any feedback or questions.