TOP 10 OWASP reveals a DASH -, what does the Dash - Mean?

We have a code set that needs to be scanned. We have scanned it against the OWASP Top 10, Under Vulnerabilities and Hotspots the score is a “-”, the security group is asking the developers what the dash means. I have searched the documentation but can seem to find anything about the dash, the result should be a grade A-E. Has anyone else seen this? What does it mean, but more importantly is there a KB that authoritatively describes this? I have uploaded a snippet where “A6 vulnerable and outdated components” returned a -.

Hi,

Welcome to the community!

Typically, ‘-’ indicates no data. Do you have any rules relevant to A6 enabled in your profile?

 
Ann

Thanks for the response, Keep in mind I am coming from the user side of the equation, My guess is that the rules are set up by Cyber Security, as it is their tool. So is it not true that if we chose the OWASP top 10 that all of the rules for OWASP top 10 are not configured?

Hi,

I’m not sure what choice you’re referring to, but out of the box, there’s no OWASP Top 10 profile. We enable by default the rules we feel will be valuable to most people, but that doesn’t mean that everything related to OWASP Top 10 is on by default.

 
HTH,
Ann