[Suggestion - Enhancement] Would be better to have OWASP Top 10 tag with the code anaysis which gives good impression.

[bugwrangler]

No description provided.

[ajinabraham]

All the vulnerabilities under the following OWASP Mobile Top 10 Mobile, identified via code analysis are detected by the Code Analyser. It's not being categorised under the OWASP Category. Once I am done with the final ruleset for android and iOS, I will prioritise this.

M1: Weak Server Side Controls
M2: Insecure Data Storage
M3: Insufficient Transport Layer Protection
M4: Unintended Data Leakage
M5: Poor Authorization and Authentication
M6: Broken Cryptography
M7: Client Side Injection
M8: Security Decisions Via Untrusted Inputs
M9: Improper Session Handling
M10: Lack of Binary Protections

[ajinabraham]

Since OWASP Mobile Top 10 changes, no plans to classify according to ranks, but will add a category tag to appropriate vulns.

[bugwrangler]

Agreed.

[ajinabraham]

Difficult to compare between top 10 2014 and 2016
https://www.owasp.org/index.php/Mobile_Top_10_2016-Top_10

As the categories themselves are changing between years. This featured won't be added.

[ajinabraham]

Will be tracking this as an enhancement. We won't be ranking anything but categorising based on OWASP Mobile Top 10 and OWASP MSTG

[ajinabraham]

Tracked under all enhancements

[ajinabraham]

Won't be implementing OWASP top 10s changes yearly