sonatype-nexus-community/iq-fortify-parser

OWASP Top 10 A9 categorization for Sonatype findings in SSC

derek-sonatype opened this issue · 1 comment

Thanks for creating an issue! Please fill out this form so we can be
sure to have all the information we need, and to minimize back and forth.

  • What are you trying to do?
    In the OWASP Top 10 2017 view in SSC, Sonatype findings show up as "not set" instead of under the A9 category.

  • What feature or behavior is this required for?
    required for OWASP Top 10 reporting

  • How could we solve this issue? (Not knowing is okay!)
    Determine how the Sonatype findings fill in the attribute needed when they are sent to SSC

  • Anything else?
    Nope

custom SSC rulepack added to the distribution bundle: instructions on how to install are in comments inside the file
https://github.com/sonatype-nexus-community/iq-fortify-parser/blob/master/sonatype-fortify-bundle/src/sonatype-ssc-rulepack.xml