Map Security Findings to OWASP Top 10 Categories
Use the Vibgrate OWASP Category Mapping scanner to organize security findings into OWASP Top 10 categories, then export and gate on them.
The Vibgrate OWASP Category Mapping scanner organizes security findings into OWASP Top 10 categories, giving security and engineering teams a shared vocabulary for triage. It runs as part of a standard scan and contributes categorized findings you can review and gate on.
Prerequisites
- A project repository with dependency manifests
- Vibgrate CLI installed, or use the no-install form
Steps
1. Install the CLI
npm i -g @vibgrate/cli
Or try it without installing:
npx @vibgrate/cli scan
2. Run the scan
From the project root:
vg
The OWASP Category Mapping scanner runs as part of the scan and maps findings into OWASP Top 10 categories.
3. Review OWASP categories
Group the findings by their OWASP category to see where risk concentrates and to align engineering work with familiar security taxonomy.
4. Export for triage
Emit machine-readable output to feed triage and reporting:
vg scan --format json --out vibgrate.json
For code-scanning dashboards, use SARIF:
vg scan --format sarif --out vibgrate.sarif
5. Gate the pipeline
Fail the run when error-level findings appear:
vg scan --fail-on error
Verification
Confirm the scan reported findings mapped to OWASP categories and that your exported file exists. With --fail-on error, check the exit code to confirm the gate works.
Next Steps
Pair this with the Security Posture scanner for structural hygiene, and push results to Vibgrate Cloud with vg push for team-wide trend tracking.