OWASP Top 10 not listed

[praveenkumarp893]

Discussed in #708

^{Originally posted by praveenkumarp893 January 30, 2023}
Hi,

I am using findbugs sonar plugin version 4.2.2 in sonarqube community edition 9.7.1
I created a new quality profile with parent as sonar-way and added all rules from findbugs quality profile. When I did a sonar analysis using the new profile it is not listing owasp top 10 vulnerabilities in the Security Category.

Appreciate your support here.

Thanks,
Praveen

[gtoison]

Hello, unless I misunderstood this is the same issue as #392
The SonarQube plugin API has deprecated the way we load rules and the new way is apparently due for the next major version. Among other changes this should enable us to assign OWASP categories to rules.
I've started working on a branch for that but it's not released at this point: https://github.com/spotbugs/sonar-findbugs/tree/sq-10