Open Worldwide Application Security Project

OWASP security vulnerabilities covered

Sonar thoroughly covers the OWASP list of the most critical security risks facing organizations, helping you improve your software security posture when designing, developing and deploying software. See issues in the OWASP Top 10 and ASVS 4.0 most critical security risk categories in your applications and start detecting security issues.


OWASP/CWE Top 25 Security Reports in Projects and Portfolios

- Dedicated reports to track application security against categories of the OWASP and CWE Top 25 standards
- Shortens the security vulnerability feedback loop and helps developers fix security holes faster
- Export a PDF of the top reports


By raising OWASP Top 10-related security vulnerability issues to developers early in the process, Sonar helps you protect your systems, your data and your users.

Chart of the OWASP Top Ten

use OWASP standards to empower developers to own Code Security

Application security starts with code; Sonar helps you own it.

get early SAST feedback and a guided developer experience

SAST analysis of pull requests helps empower developers by shifting security left and presenting OWASP security vulnerabilities as early as possible in your process - when the code is fresh in mind and the fix is still easy.

The issue visualizer is crafted for clarity so developers easily understand the problem flow across methods and from file to file.

In-app guidance helps developers really understand the problem so they can craft the most secure fix.

Sonar provides early SAST feedback around the number of Bugs, Vulnerabilities and code smells in your project

use taint analysis to chase down the bad actors

Application security comes from making sure that data is sanitized before it reaches critical system parts (database, file system, OS, etc.).

Taint analysis is the ability to track untrusted user input through the execution flow, from the vulnerability source to the code location (the 'sink') where the compromise occurs.

Configure your taint analysis by declaring the custom frameworks you use to capture user input and/or to persist it.
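The source-to-sink tracking described above, as an added example that is not Sonar's engine or code: a minimal intraprocedural taint check built on Python's `ast` module. The source, sink and sanitizer tables are a constructed stand-in for the custom-framework configuration the text mentions, the code samples are constructed, and only straight-line top-level code is handled.

```python
import ast
# Constructed demo configuration: where untrusted data enters (sources), which call
# argument must be clean (sinks) and which calls neutralise the taint (sanitizers).
SOURCES = {"request.args.get", "input"}
SINKS = {"cursor.execute": 0, "os.system": 0}  # name -> index of the argument that must be clean
SANITIZERS = {"int", "shlex.quote"}

def _name(node):  # dotted name of a call target, e.g. "cursor.execute"
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        return f"{_name(node.value)}.{node.attr}"
    return ""

def _is_tainted(node, tainted):
    # Taint propagates through concatenation, f-strings, method calls and other calls;
    # a call to a source starts it and a call to a sanitizer stops it.
    if isinstance(node, ast.Name):
        return node.id in tainted
    if isinstance(node, ast.Call):
        name = _name(node.func)
        if name in SOURCES or name in SANITIZERS:
            return name in SOURCES
        return _is_tainted(node.func, tainted) or any(_is_tainted(a, tainted) for a in node.args)
    return any(_is_tainted(child, tainted) for child in ast.iter_child_nodes(node))

def find_taint_flows(source_code):
    # Walk straight-line code in order, tracking which variables hold untrusted data,
    # and report every sink whose guarded argument is still tainted as [(sink, line)].
    tainted, flows = set(), []
    for stmt in ast.parse(source_code).body:
        if isinstance(stmt, ast.Assign):
            names = {t.id for t in stmt.targets if isinstance(t, ast.Name)}
            tainted = tainted | names if _is_tainted(stmt.value, tainted) else tainted - names
        elif isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Call):
            call, index = stmt.value, SINKS.get(_name(stmt.value.func))
            if index is not None and index < len(call.args) and _is_tainted(call.args[index], tainted):
                flows.append((_name(call.func), call.lineno))
    return flows

# Constructed samples: concatenating the request parameter into the query (flagged),
# passing it as a bound parameter instead (clean), sanitizing it with int() (clean).
VULNERABLE = '''user = request.args.get("user")
query = "SELECT * FROM accounts WHERE name = '" + user + "'"
cursor.execute(query)'''
PARAMETERIZED = '''user = request.args.get("user")
cursor.execute("SELECT * FROM accounts WHERE name = %s", (user,))'''
SANITIZED = '''uid = int(request.args.get("id"))
os.system("report " + str(uid))'''
```

Running `find_taint_flows` on the three samples reports the sink in the first one only; reassigning a tainted variable to a constant also clears it.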

Visual representation of taint analysis

track OWASP compliance across security standards

Dedicated reports track project security against the OWASP Top 10, ASVS 4.0 and CWE Top 25 standards.

The Sonar Security Report facilitates communication by categorizing vulnerabilities in terms developers understand.

Track compliance at project or portfolio level and differentiate vulnerability fixes from Security Hotspot reviews.

Image shows Security Hotspots and vulnerabilities categorized by the OWASP Top 10

PDF downloads for reporting

The security reports' PDF export includes the project security overview and the top security reports.

Sonar allows you to generate PDF reports of your project's overall health

SONAR OWASP FEATURES

Achieve OWASP Top 10 standards

Sonar's comprehensive suite of tools and features enables developers to produce software that is secure, reliable and maintainable, and helps developers and organizations ensure that their applications are protected against common vulnerabilities.

SAST analysis

The SAST analysis is capable of identifying patterns in the source code that may lead to access control issues, such as missing authentication checks or improper configuration of role-based access controls.

custom rules and configurations

Create custom rules and configurations that can be tailored to the specific security standard requirements of a project. This flexibility ensures that the analysis can be as precise and relevant as possible, aiding in the accurate detection and remediation of coding issues.

secure code review

Execute secure code review processes by analyzing pull requests for potential security issues. Identifying these issues early in the development cycle helps in maintaining a high level of application security and adherence to the OWASP standards.

continuous inspection

Continuous inspection of code quality helps in early detection and remediation of security issues. Sonar's continuous analysis and monitoring ensures that the codebase remains compliant with security standards including the OWASP Top 10, and that any new code introducing a potential security issue is promptly identified.

start cleaning the OWASP Top 10 issues in your code now!


© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.