From 66d43ba0e8d8af1d879fa90b7aeb76e95e9a8f22 Mon Sep 17 00:00:00 2001
From: Philipp Dallig
Date: Thu, 13 Apr 2023 14:23:49 +0200
Subject: [PATCH] Support OWASP 2021 (#774)
---
 .../sonar/dependencycheck/rule/KnownCveRuleDefinition.java | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/sonar-dependency-check-plugin/src/main/java/org/sonar/dependencycheck/rule/KnownCveRuleDefinition.java b/sonar-dependency-check-plugin/src/main/java/org/sonar/dependencycheck/rule/KnownCveRuleDefinition.java
index e06d8cc9..66f00c75 100644
--- a/sonar-dependency-check-plugin/src/main/java/org/sonar/dependencycheck/rule/KnownCveRuleDefinition.java
+++ b/sonar-dependency-check-plugin/src/main/java/org/sonar/dependencycheck/rule/KnownCveRuleDefinition.java
@@ -19,14 +19,14 @@
 */
 package org.sonar.dependencycheck.rule;
+import javax.annotation.ParametersAreNonnullByDefault;
+
 import org.sonar.api.rule.RuleStatus;
 import org.sonar.api.rule.Severity;
 import org.sonar.api.rules.RuleType;
 import org.sonar.api.server.rule.RulesDefinition;
 import org.sonar.dependencycheck.base.DependencyCheckConstants;
-import javax.annotation.ParametersAreNonnullByDefault;
-
 public class KnownCveRuleDefinition implements RulesDefinition {
 private static final int CWE_937 = 937;
@@ -51,7 +51,8 @@ private void fillOWASPRule(NewRule rule) {
 rule.setName("Using Components with Known Vulnerabilities");
 rule.setSeverity(Severity.MAJOR);
 rule.setStatus(RuleStatus.READY);
-rule.addOwaspTop10(OwaspTop10.A9);
+rule.addOwaspTop10(OwaspTop10Version.Y2017, OwaspTop10.A9);
+rule.addOwaspTop10(OwaspTop10Version.Y2021, OwaspTop10.A6);
 rule.addCwe(CWE_937);
 String description = "

Components, such as libraries, frameworks, and other software modules, "