*Security Reports are available starting in [Enterprise Edition](https://redirect.sonarsource.com/editions/enterprise.html).*
## What do Security Reports show?
-Security Reports quickly give you the big picture on your application's security, with breakdowns of just where you stand in regard to each of the [OWASP Top 10](https://www.owasp.org/index.php/Top_10-2017_Top_10), both [CWE Top 25 2019](https://cwe.mitre.org/top25/archive/2019/2019_cwe_top25.html) and [CWE Top 25 2020](https://cwe.mitre.org/top25/archive/2020/2020_cwe_top25.html), and [CWE](https://cwe.mitre.org/) -specific details.
+Security Reports quickly give you the big picture on your application's security. They allow you to know where you stand compared to the most common security mistakes made in the past: [OWASP Top 10 2021](https://owasp.org/Top10/), [OWASP Top 10 2017](https://owasp.org/www-project-top-ten/2017), [CWE Top 25 2021](https://cwe.mitre.org/top25/archive/2021/2021_cwe_top25.html), [CWE Top 25 2020](https://cwe.mitre.org/top25/archive/2020/2020_cwe_top25.html), and [CWE Top 25 2019](https://cwe.mitre.org/top25/archive/2019/2019_cwe_top25.html). They represent a bare minimum to comply with for anyone putting in place secure development lifecycle.
[[warning]]
| The SANS Top 25 report is based on outdated statistics and should no longer be used. Instead, we recommend using the CWE Top 25 reports.
- the number of open Vulnerabilities and the Security Rating on both overall code and new code.
- the number of Security Hotspots, the percentage of reviewed Security Hotspots, and the Security Review rating on both overall and new code.
-- your SonarSource, OWASP Top 10, and CWE Top 25 2020 reports.
\ No newline at end of file
+- your SonarSource, OWASP Top 10, and CWE Top 25 2020 reports.
projects / sonarqube.git / commitdiff