Security Reports
SonarQube Cloud's security reports give you the big picture of your application’s security. They show where you stand relative to the most common security mistakes.
Security reports are available in the SonarQube Cloud Enterprise plan.
What do security reports show?
Security reports quickly give you the big picture of your application’s security. They show where you stand relative to the most common security mistakes made in the past:
OWASP Top 10 (versions 2021 and 2017)
CWE Top 25 (versions 2024, 2023, 2022, and 2021)
PCI DSS (versions 4.0 and 3.2.1)
These standards represent the bare minimum that anyone putting a secure development lifecycle in place should comply with.
Make sure the relevant security rules are activated in your quality profiles; otherwise, your security reports will not be reliable. For instance, if no rule corresponding to a given OWASP category is activated in your quality profile, you won’t get issues or hotspots linked to that specific category in the OWASP report.