SonarQube OWASP ASVS Panel

The OWASP Application Security Verification Standard (ASVS) 4.0.3 report is an essential tool for developers, security auditors, and IT managers who aim to ensure that their applications meet a rigorous set of security standards. The OWASP ASVS provides a framework of security requirements that can be used to design, develop, and test secure web applications.

What the Report Shows

The report displays detailed evidence collected from SonarQube, a leading code quality and security analysis tool. The data includes:

  1. ID: A unique identifier for each requirement, corresponding to the OWASP ASVS 4.0.3 standard.

  2. Name: The specific name of the requirement, providing a quick reference to the security control or practice.

  3. Category Rating: An assessment of the requirement's importance and potential impact on the application's security. Ratings are typically categorized (e.g., A, E) to help prioritize efforts.

  4. ASVS Chapters: For each ASVS chapter, the report shows:

    • Failed Requirements: The number of ASVS requirements that the application has failed.

    • Passed Requirements: The number of ASVS requirements that the application has passed.

    • Not Computed Requirements: The number of ASVS requirements that were not applicable or could not be computed.

  5. Vulnerabilities: A breakdown of the number of vulnerabilities detected.

  6. Hotspots to Review: Specific areas of the code flagged for further manual inspection, helping to identify potential security issues that automated analysis might miss.
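The per-chapter counts above are derived by grouping requirement-level evidence by its ASVS chapter and bucketing each requirement as failed, passed, or not computed. The following is an added illustration of that aggregation, not code from the SonarQube panel itself; the evidence rows, the status vocabulary (`"failed"`, `"passed"`, `None` for no evidence) and the function names are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample evidence: (ASVS 4.0.3 requirement id, status).
# The status vocabulary is an assumption for this example: "failed",
# "passed", or None when the analysis produced no evidence at all,
# which the report lists under "Not Computed Requirements".
SAMPLE_EVIDENCE = [
    ("V2.1.1", "passed"),
    ("V2.1.2", "failed"),
    ("V2.1.7", None),
    ("V5.3.3", "failed"),
    ("V5.3.4", "failed"),
    ("V14.4.1", "passed"),
]

VALID_STATUSES = {"failed", "passed", None}


def chapter_of(requirement_id: str) -> str:
    """Return the ASVS chapter ("V2", "V5", "V14", ...) for an id like "V2.1.1"."""
    if not requirement_id.startswith("V") or "." not in requirement_id:
        raise ValueError(f"not an ASVS requirement id: {requirement_id!r}")
    chapter = requirement_id.split(".", 1)[0]
    if not chapter[1:].isdigit():
        raise ValueError(f"not an ASVS requirement id: {requirement_id!r}")
    return chapter


def summarize_chapters(evidence):
    """Aggregate evidence into per-chapter failed / passed / not_computed counts.

    Chapters are returned in numeric order (V2 before V14), not string order,
    so the result reads like the panel's chapter table.
    """
    summary = defaultdict(lambda: {"failed": 0, "passed": 0, "not_computed": 0})
    for req_id, status in evidence:
        if status not in VALID_STATUSES:
            raise ValueError(f"unknown status {status!r} for {req_id}")
        bucket = "not_computed" if status is None else status
        summary[chapter_of(req_id)][bucket] += 1
    return dict(sorted(summary.items(), key=lambda kv: int(kv[0][1:])))


def chapters_needing_attention(summary):
    """Chapters with at least one failed requirement, worst first (for prioritising work)."""
    failing = [(ch, counts["failed"]) for ch, counts in summary.items() if counts["failed"]]
    return [ch for ch, _ in sorted(failing, key=lambda item: -item[1])]


def render_table(summary) -> str:
    """Plain-text rendering of the per-chapter counts."""
    lines = [f"{'Chapter':<8}{'Failed':>8}{'Passed':>8}{'Not computed':>14}"]
    for chapter, c in summary.items():
        lines.append(f"{chapter:<8}{c['failed']:>8}{c['passed']:>8}{c['not_computed']:>14}")
    return "\n".join(lines)


if __name__ == "__main__":
    table = summarize_chapters(SAMPLE_EVIDENCE)
    print(render_table(table))
    print("Prioritise:", chapters_needing_attention(table))
```

Requirements with no evidence are counted separately rather than silently treated as passed; that distinction is what keeps a "Not Computed" column honest, since an uncovered requirement is an unknown, not a pass.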


You can create Jira issues from these vulnerabilities and hotspots, just as you can from the issues breakdown.
