We are evaluating a move from SonarCloud to GitHub to manage the detection of security vulnerabilities.
At present, we analyse using BitBucket pipelines and push the results to sonarcloud.io
The results shown in SonarCloud are categorised into a number of areas, and one of these is OWASP Top 10. This category is extremely useful to us, as we have compliance requirements to address issues in this area.
Is there a way that GitHub code scanning can also mark issues as OWASP related?
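An added example, not from the original post and not GitHub's own tooling: GitHub code scanning ingests SARIF, and the CodeQL queries that feed it tag each rule with CWE identifiers (tags of the form `external/cwe/cwe-079` under `runs[].tool.driver.rules[].properties.tags`). The script below maps those CWE tags onto OWASP Top 10 (2021) categories, reports how many alerts fall into each, and appends an `owasp/...` tag to each mappable rule before upload. The CWE-to-OWASP table is a hand-picked subset of the lists OWASP publishes for the 2021 edition, not the complete mapping; the SARIF document, rule IDs and results are constructed for the example.

```python
"""Map code scanning SARIF alerts onto OWASP Top 10 (2021) categories via CWE tags.

Added example; assumes CodeQL-style tags ``external/cwe/cwe-NNN`` on each rule.
The CWE -> OWASP table is a constructed subset of the 2021 OWASP lists.
"""
import json
import re
from collections import defaultdict

# Partial CWE -> OWASP Top 10 (2021) mapping (subset, for illustration only).
OWASP_2021 = {
    "A01:2021-Broken Access Control": {22, 284, 285, 639, 862, 863},
    "A02:2021-Cryptographic Failures": {261, 319, 326, 327, 328, 330, 338},
    "A03:2021-Injection": {20, 74, 77, 78, 79, 89, 94, 917},
    "A04:2021-Insecure Design": {209, 256, 501, 522},
    "A05:2021-Security Misconfiguration": {16, 611, 614, 942},
    "A06:2021-Vulnerable and Outdated Components": {1104},
    "A07:2021-Identification and Authentication Failures": {287, 384, 521, 798},
    "A08:2021-Software and Data Integrity Failures": {345, 502, 829},
    "A09:2021-Security Logging and Monitoring Failures": {117, 532, 778},
    "A10:2021-Server-Side Request Forgery": {918},
}
CWE_TO_OWASP = {cwe: cat for cat, cwes in OWASP_2021.items() for cwe in cwes}
CWE_TAG = re.compile(r"^external/cwe/cwe-0*(\d+)$")


def owasp_category(tags):
    """Return the OWASP category for a rule's tag list, or None if no CWE tag maps."""
    for tag in tags:
        m = CWE_TAG.match(tag)
        if m and int(m.group(1)) in CWE_TO_OWASP:
            return CWE_TO_OWASP[int(m.group(1))]
    return None


def annotate_sarif(sarif):
    """Tag each mappable rule in place with ``owasp/<id>`` and return
    {category: [ruleId, ...]} listing the results that fall into each category.
    Results whose rule carries no mapped CWE tag are collected under "Unmapped"."""
    per_category = defaultdict(list)
    for run in sarif.get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        by_id = {r["id"]: r for r in rules}
        for rule in rules:
            tags = rule.setdefault("properties", {}).setdefault("tags", [])
            cat = owasp_category(tags)
            if cat:
                owasp_tag = "owasp/" + cat.split("-", 1)[0].lower()  # e.g. owasp/a03:2021
                if owasp_tag not in tags:
                    tags.append(owasp_tag)
        # Results are matched by ruleId here; real SARIF may use ruleIndex instead.
        for result in run.get("results", []):
            rule = by_id.get(result.get("ruleId"))
            cat = owasp_category(rule["properties"]["tags"]) if rule else None
            per_category[cat or "Unmapped"].append(result.get("ruleId"))
    return dict(per_category)


# Constructed SARIF fragment in the shape CodeQL produces (not a real scan).
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "CodeQL", "rules": [
            {"id": "js/sql-injection",
             "properties": {"tags": ["security", "external/cwe/cwe-089"]}},
            {"id": "js/path-injection",
             "properties": {"tags": ["security", "external/cwe/cwe-022"]}},
            {"id": "js/weak-cryptographic-algorithm",
             "properties": {"tags": ["security", "external/cwe/cwe-327"]}},
            {"id": "js/unused-local-variable",
             "properties": {"tags": ["maintainability"]}},
        ]}},
        "results": [
            {"ruleId": "js/sql-injection", "message": {"text": "constructed alert 1"}},
            {"ruleId": "js/sql-injection", "message": {"text": "constructed alert 2"}},
            {"ruleId": "js/path-injection", "message": {"text": "constructed alert 3"}},
            {"ruleId": "js/weak-cryptographic-algorithm", "message": {"text": "constructed alert 4"}},
            {"ruleId": "js/unused-local-variable", "message": {"text": "constructed alert 5"}},
        ],
    }],
}

if __name__ == "__main__":
    report = annotate_sarif(SAMPLE_SARIF)
    for category, rule_ids in sorted(report.items()):
        print(f"{category}: {len(rule_ids)} alert(s)")
    # The annotated document can now be uploaded with the usual SARIF upload step.
    print(json.dumps(SAMPLE_SARIF["runs"][0]["tool"]["driver"]["rules"][0], indent=2))
```

Run this over the SARIF produced by your analysis before the upload step; the per-category counts give the compliance view, and the appended `owasp/...` tags travel with the rules into code scanning alongside the existing CWE tags. The table must be completed against the full OWASP lists (and revised when OWASP publishes a new edition) before it is used for compliance reporting.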