Viewing portfolio security reports
Your SonarQube Cloud porfolio's security reports page provides an aggregated view of security ratings across projects in the portfolio.
This feature is only available in the Enterprise plan.
Overview
Portfolio security reports provide an aggregated view of your organization’s security across multiple projects. They are aimed at enterprise security teams, compliance and audit teams, and IT administrators who manage multiple projects and require an in-depth view of their enterprise security status.
Portfolio security reports are based on the following security standards:
OWASP Top 10 (versions 2021 and 2017)
CWE Top 25 (versions 2024, 2023, 2022, and 2021)
PCI DSS (versions 4.0 and 3.2.1)
You can view security reports for any portfolio that contains projects that have previously undergone an analysis. For a given standard, the report displays the number of raised Security issues and Security Hotspots by security category.
Retrieving portfolio security reports
Retrieve your portfolio. See Viewing portfolios for more information.
Click on the Security Reports tab to open the report.
The portfolio report displays:
Security standards can be filtered in the left sidebar. Select a security standard to filter the results.
The Security reports overview and filtered standard are found in the main window.
Your Security reports overview is at the top of the page which includes your Portfolio overall Security rating and Portfolio overall Security Review rating.
This section shows the full number of Security issues and Security Hotspots that need to be addressed for your selected Security standard. The report results are generated based on relevant active security rules for projects in your portfolio.
A list of Categories that contain Security issues and Security Hotspots fitting each category are sorted by rating. Select a Category row from the table to open a category specific report. Note that a single Security issue or Security Hotspot may show up in more than one category.

Related pages
Introduction to Viewing the enterprise reports
Last updated
Was this helpful?