author: cynthiabethea <108268296+cynthiabethea@users.noreply.github.com> 2022-10-13 11:01:03 +0100
committer: sonartech <sonartech@sonarsource.com> 2022-10-13 20:03:18 +0000
commit: 4b0a6624cf22a91c22f7c73f7a8fd6ec49a9d206 (patch)
tree: 8aabc8ef887c1f769dfa7a62dbd90006c9852477
parent: 604938c43114902c83638e4ea57707fa23535550 (diff)
DOC-191 Update security standards section (#6851)
server/sonar-docs/src/pages/user-guide/security-rules.md | 10
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/server/sonar-docs/src/pages/user-guide/security-rules.md b/server/sonar-docs/src/pages/user-guide/security-rules.md
index 2d3fbb09932..36456e385c7 100644
--- a/server/sonar-docs/src/pages/user-guide/security-rules.md
+++ b/server/sonar-docs/src/pages/user-guide/security-rules.md
@@ -23,9 +23,13 @@ With Hotspots, we want to help developers understand information security risks,
## Which security-standards are covered?
Our security rules are classified according to well-established security-standards such as:
-* [CWE](https://cwe.mitre.org/): SonarQube is a CWE compatible product [since 2015](https://cwe.mitre.org/compatible/questionnaires/33.html).
-* [OWASP Top 10 ](https://www.owasp.org/index.php/Top_10-2017_Top_10))
-* [SANS Top 25 - outdated](https://www.sans.org/top25-software-errors/)
+* [CWE Top 25](https://cwe.mitre.org/top25/): SonarQube is a CWE compatible product [since 2015](https://cwe.mitre.org/compatible/questionnaires/33.html).
+* [PCI DSS](https://www.pcisecuritystandards.org/) (versions 4.0 and 3.2.1)
+* [OWASP Top 10 ](https://owasp.org/Top10/)
+* [OWASP ASVS](https://owasp.org/www-project-application-security-verification-standard/) (version 4.0)
+
+[[warning]]
+| The SANS Top 25 report is based on outdated statistics and should no longer be used. Instead, we recommend using the CWE Top 25 reports.
The standards to which a rule relates will be listed in the **See** section at the bottom of the rule description. More generally, you can search for a rule on [rules.sonarsource.com](https://rules.sonarsource.com/):
* [Java-vulnerability-issue-type](https://rules.sonarsource.com/java/type/Vulnerability): all vulnerability rules for Java language.
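Review bot: the relabelled first bullet now mixes two different things: the link text and URL point to the CWE Top 25 list (`[CWE Top 25](https://cwe.mitre.org/top25/)`), but the rest of the sentence, "SonarQube is a CWE compatible product since 2015", is a statement about the CWE Compatibility program, which concerns the CWE taxonomy as a whole, not the yearly Top 25 list. Consider keeping a `[CWE](https://cwe.mitre.org/)` bullet for the compatibility claim and listing the CWE Top 25 as its own entry, so that the new warning, which tells readers to use "the CWE Top 25 reports" instead of SANS Top 25, has a matching list entry to point to. One smaller point: the trailing space inside the link text of `[OWASP Top 10 ](https://owasp.org/Top10/)` survives from the removed line and renders as a stray space before the link ends; drop it while the line is being touched.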