Group by OWASP TOP-10 vulnerabilities in Security Dashboards

Problem to solve

The current security widget (MR or pipeline view) and dashboard are displaying alerts in a simple way (a list). The list is a binary statement ("nothing" / "something"), but doesn't give any hint on what has been tested.

Further details

This screenshot from the new Codacy Security Dashboard is explicitly showing to the user what is covered by the tests:

Proposal

If we have the information available, it's something valuable in a security report. The open-source tools we're embedding have disparate outputs, so it might be super hard to achieve.

What does success look like, and how can we measure that?

Give more insights to users about what is actually running.

Links / references

  • https://blog.codacy.com/security-alerts-on-your-project-d41394e1953b
  • https://www.tenable.com/sc-dashboards/owasp-top-10

/cc @bikebilly @markpundsack

Edited Aug 28, 2025 by 🤖 GitLab Bot 🤖