SonarQube CWE Top 25 Panel

The CWE (Common Weakness Enumeration) Top 25 is MITRE's regularly published list of the most dangerous software weaknesses. This report helps developers, security professionals, and project managers find and mitigate occurrences of those weaknesses in their own code. Weaknesses on the list are known to lead to serious consequences, including security breaches, crashes, and unauthorized access.

What the Report Shows

The report displays data collected from SonarQube, a widely used code quality and security analysis tool. For each weakness it lists:

  1. ID: The weakness identifier (for example CWE-79), as used in the CWE database.

  2. Name: The CWE name of the weakness, giving a quick reference to the type of flaw (for example Cross-site Scripting).

  3. Category Rating: A letter rating, A through E as in SonarQube's own ratings, that summarises the severity of what was found for that weakness; earlier letters mean fewer or less severe findings. Use it to prioritize remediation.

  4. Vulnerabilities: The number of vulnerabilities SonarQube detected that map to this CWE.

  5. Hotspots to Review: The number of security hotspots mapped to this CWE that still await manual review. A hotspot is security-sensitive code that SonarQube cannot judge on its own, so a human has to decide whether it is actually a problem.
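To make the five columns concrete, the following Python script is an added example (not the panel's own code) that rebuilds the same rows from SonarQube's Web API: vulnerabilities per CWE come from api/issues/search with the cwe filter and the severities facet, hotspots from api/hotspots/search with status=TO_REVIEW. It assumes the panel's Category Rating follows SonarQube's security-rating rule (worst open vulnerability severity, A = none through E = blocker); the CWE list is a hypothetical excerpt of the 2023 Top 25 and the API responses are constructed samples, so it runs offline.

```python
"""Rebuild CWE Top 25 panel rows from SonarQube Web API responses.

Added example, not the panel's code.  Assumption: the per-CWE rating uses
SonarQube's security-rating rule (worst open vulnerability severity).
"""
from typing import Callable, Dict, List

# Excerpt of the 2023 CWE Top 25 (ID -> name); a real run loads the full list.
CWE_TOP25: Dict[str, str] = {
    "787": "Out-of-bounds Write",
    "79": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
    "89": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
    "22": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
    "798": "Use of Hard-coded Credentials",
}

# SonarQube security rating: A = no vulnerabilities, B = worst is MINOR,
# C = MAJOR, D = CRITICAL, E = BLOCKER.
SEVERITY_RANK = {"INFO": 1, "MINOR": 1, "MAJOR": 2, "CRITICAL": 3, "BLOCKER": 4}
RATING = {0: "A", 1: "B", 2: "C", 3: "D", 4: "E"}

# fetch(path, query_params) -> parsed JSON; in production wrap requests.get()
Fetch = Callable[[str, Dict[str, str]], dict]


def vulnerability_stats(fetch: Fetch, project_key: str, cwe: str) -> Dict[str, int]:
    """Open vulnerabilities for one CWE, broken down by severity.
    ps=1 because only the facet counts are needed, not the issue bodies."""
    resp = fetch("api/issues/search", {
        "componentKeys": project_key, "types": "VULNERABILITY",
        "resolved": "false", "cwe": cwe, "facets": "severities", "ps": "1",
    })
    counts: Dict[str, int] = {}
    for facet in resp.get("facets", []):
        if facet.get("property") == "severities":
            for entry in facet.get("values", []):
                if entry["count"]:
                    counts[entry["val"]] = entry["count"]
    return counts


def hotspots_to_review(fetch: Fetch, project_key: str, cwe: str) -> int:
    """Security hotspots for one CWE still awaiting manual review."""
    resp = fetch("api/hotspots/search", {
        "projectKey": project_key, "status": "TO_REVIEW", "cwe": cwe, "ps": "1",
    })
    return int(resp.get("paging", {}).get("total", 0))


def rating_for(severity_counts: Dict[str, int]) -> str:
    """Letter rating from the worst severity present (A when nothing is open)."""
    worst = max((SEVERITY_RANK[s] for s, n in severity_counts.items() if n > 0), default=0)
    return RATING[worst]


def cwe_top25_rows(fetch: Fetch, project_key: str) -> List[dict]:
    """One row per listed CWE: the five columns the panel displays."""
    rows = []
    for cwe_id, name in CWE_TOP25.items():
        sev = vulnerability_stats(fetch, project_key, cwe_id)
        rows.append({
            "id": f"CWE-{cwe_id}",
            "name": name,
            "rating": rating_for(sev),
            "vulnerabilities": sum(sev.values()),
            "hotspots_to_review": hotspots_to_review(fetch, project_key, cwe_id),
        })
    return rows


# --- Constructed sample responses (not real scanner output) ------------------
SAMPLE_ISSUE_FACETS = {"79": {"MAJOR": 2, "BLOCKER": 1}, "89": {"CRITICAL": 1},
                       "798": {"MINOR": 3}}
SAMPLE_HOTSPOTS = {"79": 4, "22": 2}


def fake_fetch(path: str, params: Dict[str, str]) -> dict:
    """Stand-in for an HTTP GET that mimics the shape of the real responses."""
    cwe = params["cwe"]
    if path == "api/issues/search":
        counts = SAMPLE_ISSUE_FACETS.get(cwe, {})
        return {"total": sum(counts.values()),
                "facets": [{"property": "severities",
                            "values": [{"val": s, "count": n} for s, n in counts.items()]}]}
    if path == "api/hotspots/search":
        return {"paging": {"total": SAMPLE_HOTSPOTS.get(cwe, 0)}}
    raise ValueError(f"unexpected path {path}")


if __name__ == "__main__":
    for row in cwe_top25_rows(fake_fetch, "my-project"):
        print(f"{row['id']:<8} {row['rating']}  vulns={row['vulnerabilities']}  "
              f"hotspots={row['hotspots_to_review']}  {row['name']}")
```

Against a real server, replace fake_fetch with a function that GETs `<sonarqube-url>/<path>` with the same query parameters and a user token as HTTP basic auth; comparing its output with the panel is a quick way to check that the Jira side is reading the project you think it is.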


You can create Jira issues from these vulnerabilities and hotspots, just as you can from the issues breakdown.

[Screenshot: image-20240723-103155.png]

[Screenshot: image-20240723-103221.png]