OWASP

OWASP top 10 - we’ve got you covered!

See issues in the 10 most critical security risk categories in your web applications and start detecting security issues in SonarQube today.

Start Free Trial -->

OWASP/CWE Top 25 Security Reports in Projects and Portfolios

- Dedicated reports to track application security against categories of the OWASP and CWE Top 25 standards


- Shortens the Security Vulnerability feedback loop and helps developers fix security holes faster


- Export a PDF of the top reports

By raising OWASP Top 10-related issues to developers early in the process, Sonar helps you protect your systems, your data and your users.

Chart of the OWASP Top Ten

we believe in empowering developers to own Code Security

Application security starts with code; Sonar helps you own it.

get early SAST feedback and a guided developer experience

SAST analysis of Pull Requests helps empower developers by shifting security left and presenting Security Vulnerabilities as early as possible in your process - when the code is fresh in mind and the fix is still easy.


The issue visualizer is crafted for clarity so developers easily understand the problem flow across methods and from file to file.


In-app guidance helps developers really understand the problem so they can craft the most secure fix.

Sonar provides early SAST feedback around the number of Bugs, Vulnerabilities and code smells in your project

use taint analysis to chase down the bad actors

Application security comes from making sure that data is sanitized before hitting critical system parts (Database, File System, OS, etc.)


Taint analysis - it's the ability to track untrusted user input throughout the execution flow from the vulnerability source to the code location (‘sink’) where the compromise occurs.


Configure your taint analysis by declaring the custom frameworks you use to capture user input and/or to persist it.

Visual Represents taint analysis

track compliance across security standards

Dedicated reports track project security against the OWASP Top 10 and CWE Top 25 standards.


The Sonar Security Report facilitates communication by categorizing vulnerabilities in terms developers understand.


Track compliance at Project or Portfolio level and differentiate Vulnerability fixes from Security Hotspot Review.

Image shows security hotspot vulnerabilities based off of the WASP top 10

PDF downloads for reporting

The security reports' PDF export includes the project security overview and the top security reports.

Sonar Allows you to generate PDF reports of your projects overall health
Background image of bits of code connecting to each other

start cleaning the the OWASP Top 10 issues in your code now!

Start with open source -->Explore all editions -->
  • Follow SonarSource on Twitter
  • Follow SonarSource on Linkedin

© 2008-2023, SonarSource S.A, Switzerland. All content is copyright protected. SONAR, SONARSOURCE, SONARLINT, SONARQUBE and SONARCLOUD are trademarks of SonarSource SA. All other trademarks and copyrights are the property of their respective owners. All rights are expressly reserved.