Viewing a project security report

This feature is only available in the Enterprise plan.

Security reports help you understand where you may have issues related to the following security standards:

• PCI DSS 4.0 
• OWASP ASVS 4.0 Level 1, 2, 3
• OWASP Top 10 - 2021 
• CWE Top 25 - 2023
• CASA
• STIG

You can view the security report of any branch (main, long-lived, or short-lived) of your project. For a given standard, it displays the number of raised security issues and hotspots by security category. Only the security rules activated in the project’s quality profiles are taken into account.

Viewing the security reports of a project branch

1. Retrieve the project.
2. Select the project branch you want to view:
   • For the main branch: In the left-side panel, select Main Branch.
   • For another branch: In the left-side panel, select Branches, and, on the Branches page, select the long-lived or short-lived branch.
3. Go to Security Reports.
4. Select the security standard. The grid displays the number of raised issues and hotspots by security category.
5. Select a number in the grid to view the corresponding raised security issues or hotspots.

Checking the security rules included in a project’s quality profile

1. Retrieve the project and go to Information.

2. In About This Project > Quality profiles used, select a quality profile. The quality profile page opens.

3. In the quality profile, select the active security rules. 

4. In the left-side panel, navigate to the Security Category filter criteria and select a standard to view the categories covered by SonarCloud analysis.