...
Vulnerability:
Security Hotspot:
List of Docker Sonar security rules categorized by OWASP Top 10:2021
A01:2021-Broken Access Control
Vulnerability:
Security Hotspot:
A02:2021-Cryptographic Failures
Vulnerability:
Security Hotspot:
A03:2021-Injection
Vulnerability:
Security Hotspot:
A04:2021-Insecure Design
Vulnerability:
Security Hotspot:
A05:2021-Security Misconfiguration
Vulnerability:
https://rules.sonarsource.com/docker/type/Vulnerability/RSPEC-4830/ (also A02 and A07)
Security Hotspot:
A06:2021-Vulnerable and Outdated Components
Sonar cannot detect this. A tool for checking dependencies is available on the OWASP site:
https://owasp.org/www-project-dependency-check/
Vulnerability:
Security Hotspot:
A07:2021-Identification and Authentication Failures
Vulnerability:
https://rules.sonarsource.com/docker/type/Vulnerability/RSPEC-4830/ (also A02 and A05)
Security Hotspot:
A08:2021-Software and Data Integrity Failures
Vulnerability:
Security Hotspot:
A09:2021-Security Logging and Monitoring Failures
Vulnerability:
Security Hotspot:
A10:2021-Server-Side Request Forgery
Vulnerability:
Security Hotspot: