Group by OWASP TOP-10 vulnerabilities in Security Dashboards
Problem to solve
The current security widget (MR or pipeline view) and dashboard display alerts in a simple way (a list). The list is a binary statement ("nothing" / "something"), but doesn't give any hint about what has been tested.
This screenshot from the new Codacy Security Dashboard explicitly shows the user what is covered by the tests:
If we have the information available, it's something valuable in a security report. The open source tools we're embedding have disparate outputs, so it might be super hard to achieve.
What does success look like, and how can we measure that?
Give more insights to users about what is actually running.
Links / references