OWASP Top 10 A9 categorization for Sonatype findings in SSC
derek-sonatype opened this issue · 1 comment
Thanks for creating an issue! Please fill out this form so we can be
sure to have all the information we need, and to minimize back and forth.
What are you trying to do?
In the OWASP Top 10 2017 view in SSC, Sonatype findings show up as "not set" instead of under the A9 category.
What feature or behavior is this required for?
Required for OWASP Top 10 reporting.
How could we solve this issue? (Not knowing is okay!)
Determine how the Sonatype findings fill in the attribute needed when they are sent to SSC.
Anything else?
Nope
Custom SSC rulepack added to the distribution bundle; instructions on how to install it are in comments inside the file:
https://github.com/sonatype-nexus-community/iq-fortify-parser/blob/master/sonatype-fortify-bundle/src/sonatype-ssc-rulepack.xml