Once you have setup your SonarQube servers, you just need to use the SonarQube ConnectorOWASP Top 10 Macro to setup the resource you want to get the issues from.

With this macro you will display The OWASP Top 10  a broad consensus about the most critical security risks to web applications.

You have to complete these parameters:

• SonarQube server: this is a dropdown list with the SonarQube servers configured through the plugin settings.
• Resource Key: This is the key of the SonarQube resource where you are going to retrieve the quality metrics. You can get this key from your SonarQube project dashboard or your sonar-project analysis parameters. You can setup more than one resource/project key by providing a comma separated list of resource keys. Measures will be aggregated into a unique view of all the projects together.
  • Note: Enterprise portfolio are also supported you can enter the portfolio name here.
• Tags :This is an optional field. You can get the projects through the tags associated with them in SonarQube/SonarCloud. These tags can be obtained from your project page in SonarQube/SonarCloud or from the analysis properties. You can configure more than one tag by specifying a comma separated list of tags. The results will be aggregated in a single view with all the resources together.
• OWASP Year : select the Owasp Year to retrieve the information.
• Branch: Name of the branch (visible in the SonarQube UI)
  • Only available on single project configuration