SonarQube version: 7.3 Community License
Some issues are not included in Security Reports after analysis, it display inside the Not OWASP group even they are tagged as owasp-a1...10 as screenshot below.
Why is it like that? What kind of issue that will be included to the Security Reports?
Hello,
Security Reports are only fed by a few analyzers. As of now: SonarJava, SonarC#, SonarTSQL, SonarSwift, SonarKotlin.
Coming soon, SonarPLSQL, SonarRuby and SonarScala will also feed the Security Reports.
Release after release, we make the analyzers compatible with this new feature introduced with SQ 7.3
I created https://github.com/SonarSource/SonarJS/issues/1112 to not forget to enable this feature for SonarJS.
Regards
Thank you Alexandre.
