Code scanning and OWASP TOP 10

We are evaluating a move from SonarCloud to GitHub to manage the detection of security vulnerabilities.

At present, we analyse using Bitbucket Pipelines and push the results to sonarcloud.io.
The results shown in SonarCloud are categorised into a number of areas, and one of these is OWASP Top 10. This category is extremely useful to us, as we have compliance requirements to address issues in this area.

Is there a way that GitHub code scanning can also mark issues as OWASP related?

Hello there and welcome to the GitHub Support Community! There isn’t a way to configure GitHub code scanning to also mark issues as OWASP related today.

Thanks for this feedback! We’re always working to improve GitHub and the GitHub Support Community, and we consider every suggestion we receive.

Would you mind submitting this through our official product feedback form so that our product team can track your request? That’s the best place to share requests like these in consideration for future iterations of GitHub features.

Feedback has now been submitted as requested.