Support OWASP 2021 (#774)

dependency-check · Apr 13, 2023 · 66d43ba · 66d43ba
1 parent 44682bc
commit 66d43ba
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/...ncy-check-plugin/src/main/java/org/sonar/dependencycheck/rule/KnownCveRuleDefinition.java b/...ncy-check-plugin/src/main/java/org/sonar/dependencycheck/rule/KnownCveRuleDefinition.java
@@ -19,14 +19,14 @@
  */
 package org.sonar.dependencycheck.rule;
 
+import javax.annotation.ParametersAreNonnullByDefault;
+
 import org.sonar.api.rule.RuleStatus;
 import org.sonar.api.rule.Severity;
 import org.sonar.api.rules.RuleType;
 import org.sonar.api.server.rule.RulesDefinition;
 import org.sonar.dependencycheck.base.DependencyCheckConstants;
 
-import javax.annotation.ParametersAreNonnullByDefault;
-
 public class KnownCveRuleDefinition implements RulesDefinition {
 
     private static final int CWE_937 = 937;
@@ -51,7 +51,8 @@ private void fillOWASPRule(NewRule rule) {
         rule.setName("Using Components with Known Vulnerabilities");
         rule.setSeverity(Severity.MAJOR);
         rule.setStatus(RuleStatus.READY);
-        rule.addOwaspTop10(OwaspTop10.A9);
+        rule.addOwaspTop10(OwaspTop10Version.Y2017, OwaspTop10.A9);
+        rule.addOwaspTop10(OwaspTop10Version.Y2021, OwaspTop10.A6);
         rule.addCwe(CWE_937);
 
         String description = "<p>Components, such as libraries, frameworks, and other software modules, "