Security reports give you an overview of the areas of your code that may be vulnerable, classified according to the OWASP, CWE and SANS guidelines.
These reports are built from the Vulnerability rules and Security Hotspot rules in your Quality Profiles that have an OWASP category attributed to them. A Vulnerability points to code that is open to attack, whereas a Security Hotspot highlights security-sensitive code that should be reviewed by a security auditor to decide whether it is actually a problem in its context.
Hotspots are dealt with slightly differently from Vulnerabilities. Once a Hotspot has been reviewed, it can be marked as Clear (no problem found) or Detect.
Detect marks it as a Vulnerability (a confirmed problem) and allows it to be assigned to a user.
Once the assigned user has checked the issue, it can either be Dismissed (when more information is required from the security reviewer) or fixed and have a Review Requested.
Dismissing an issue reverts it to a Security Hotspot, whereas Request Review marks the issue as fixed and adds it to the review column under Security Hotspots in your Security report.
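The distinction between a Vulnerability and a Security Hotspot, and the Clear/Detect decision a reviewer makes, is easiest to see on concrete code. The following is an added example written for this page, not code or rules from SonarQube or the project it scans; the function names, the in-memory SQLite table and the attack string are all constructed for illustration. The SQL-concatenation function is a Vulnerability because it is exploitable wherever it is called; the two uses of the non-cryptographic PRNG are the same Hotspot pattern, and only a reviewer who understands the context can Clear the first and Detect the second.

```python
import random
import secrets
import sqlite3


def make_db():
    """Constructed sample data: a tiny in-memory table stands in for the application database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    conn.commit()
    return conn


# --- Vulnerability: user input is concatenated into the SQL statement, so the
# code is open to attack no matter where it is called from. A scanner can report
# this with confidence; no human judgement about context is needed.
def lookup_user_vulnerable(conn, name):
    query = "SELECT name, email FROM users WHERE name = '%s'" % name
    return conn.execute(query).fetchall()


# The fixed form: the driver binds the value, so input can never change the
# shape of the query.
def lookup_user_fixed(conn, name):
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


# --- Security Hotspot: use of a non-cryptographic PRNG. The scanner cannot tell
# whether the value is security-sensitive, so it flags the location for review.

# Reviewer outcome "Clear": the random value only spreads cache refreshes over
# time. An attacker who predicts it gains nothing, so this is not a problem.
def cache_refresh_jitter(base_seconds, spread_seconds):
    return base_seconds + random.uniform(0, spread_seconds)


# Reviewer outcome "Detect": the same PRNG produces a session token, which an
# attacker must not be able to predict. Marking it Detect turns the Hotspot
# into a Vulnerability that can be assigned and fixed.
def session_token_predictable(nbytes=16):
    return "".join("%02x" % random.getrandbits(8) for _ in range(nbytes))


# The fix for the detected case: a CSPRNG from the secrets module.
def session_token(nbytes=16):
    return secrets.token_hex(nbytes)


def demo():
    """Run the constructed attack string through both lookups and report row counts."""
    conn = make_db()
    payload = "x' OR '1'='1"  # constructed injection payload
    return {
        "vulnerable_rows": len(lookup_user_vulnerable(conn, payload)),
        "fixed_rows": len(lookup_user_fixed(conn, payload)),
        "token_len": len(session_token()),
    }


if __name__ == "__main__":
    print(demo())
```

Running the example shows why the two categories are handled differently: the injection payload pulls every row out of the vulnerable lookup and nothing out of the fixed one, whereas the PRNG calls are byte-for-byte the same pattern and only the surrounding purpose decides whether the reviewer should Clear or Detect.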