author | cynthiabethea <108268296+cynthiabethea@users.noreply.github.com> | 2022-10-13 11:01:03 +0100 |
---|---|---|
committer | sonartech <sonartech@sonarsource.com> | 2022-10-13 20:03:18 +0000 |
commit | 4b0a6624cf22a91c22f7c73f7a8fd6ec49a9d206 (patch) | |
tree | 8aabc8ef887c1f769dfa7a62dbd90006c9852477 | |
parent | 604938c43114902c83638e4ea57707fa23535550 (diff) | |
download | sonarqube-4b0a6624cf22a91c22f7c73f7a8fd6ec49a9d206.tar.gz sonarqube-4b0a6624cf22a91c22f7c73f7a8fd6ec49a9d206.zip |
DOC-191 Update security standards section (#6851)
-rw-r--r-- | server/sonar-docs/src/pages/user-guide/security-rules.md | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/server/sonar-docs/src/pages/user-guide/security-rules.md b/server/sonar-docs/src/pages/user-guide/security-rules.md index 2d3fbb09932..36456e385c7 100644 --- a/server/sonar-docs/src/pages/user-guide/security-rules.md +++ b/server/sonar-docs/src/pages/user-guide/security-rules.md @@ -23,9 +23,13 @@ With Hotspots, we want to help developers understand information security risks, ## Which security-standards are covered? Our security rules are classified according to well-established security-standards such as: -* [CWE](https://cwe.mitre.org/): SonarQube is a CWE compatible product [since 2015](https://cwe.mitre.org/compatible/questionnaires/33.html). -* [OWASP Top 10 ](https://www.owasp.org/index.php/Top_10-2017_Top_10)) -* [SANS Top 25 - outdated](https://www.sans.org/top25-software-errors/) +* [CWE Top 25](https://cwe.mitre.org/top25/): SonarQube is a CWE compatible product [since 2015](https://cwe.mitre.org/compatible/questionnaires/33.html). +* [PCI DSS](https://www.pcisecuritystandards.org/) (versions 4.0 and 3.2.1) +* [OWASP Top 10 ](https://owasp.org/Top10/) +* [OWASP ASVS](https://owasp.org/www-project-application-security-verification-standard/) (version 4.0) + +[[warning]] +| The SANS Top 25 report is based on outdated statistics and should no longer be used. Instead, we recommend using the CWE Top 25 reports. The standards to which a rule relates will be listed in the **See** section at the bottom of the rule description. More generally, you can search for a rule on [rules.sonarsource.com](https://rules.sonarsource.com/): * [Java-vulnerability-issue-type](https://rules.sonarsource.com/java/type/Vulnerability): all vulnerability rules for Java language. |
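Review bot: the rewritten OWASP Top 10 bullet still carries a trailing space inside the link text (`* [OWASP Top 10 ](https://owasp.org/Top10/)`), which was already present in the removed line and renders as a visible gap before the closing bracket; it should read `* [OWASP Top 10](https://owasp.org/Top10/)`. Also in this hunk, relabelling the first bullet from "CWE" to "CWE Top 25" attaches the sentence "SonarQube is a CWE compatible product since 2015" to the Top 25 list, while the CWE compatibility questionnaire it links to is about CWE as a whole; consider keeping a plain CWE bullet for the compatibility statement and listing CWE Top 25 separately, so the warning box below, which points readers to the CWE Top 25 reports in place of SANS Top 25, matches a distinct entry in the list.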