Skip to main content

Map Security Findings to OWASP Top 10 Categories

Use the Vibgrate OWASP Category Mapping scanner to organize security findings into OWASP Top 10 categories, then export and gate on them.

Difficulty
Intermediate
Duration
20 minutes
Steps
5

The Vibgrate OWASP Category Mapping scanner organizes security findings into OWASP Top 10 categories, giving security and engineering teams a shared vocabulary for triage. It runs as part of a standard scan and contributes categorized findings you can review and gate on.

Prerequisites

  • A project repository with dependency manifests
  • Vibgrate CLI installed, or use the no-install form

Steps

1. Install the CLI

npm i -g @vibgrate/cli

Or try it without installing:

npx @vibgrate/cli scan

2. Run the scan

From the project root:

vg

The OWASP Category Mapping scanner runs as part of the scan and maps findings into OWASP Top 10 categories.

3. Review OWASP categories

Group the findings by their OWASP category to see where risk concentrates and to align engineering work with familiar security taxonomy.

4. Export for triage

Emit machine-readable output to feed triage and reporting:

vg scan --format json --out vibgrate.json

For code-scanning dashboards, use SARIF:

vg scan --format sarif --out vibgrate.sarif

5. Gate the pipeline

Fail the run when error-level findings appear:

vg scan --fail-on error

Verification

Confirm the scan reported findings mapped to OWASP categories and that your exported file exists. With --fail-on error, check the exit code to confirm the gate works.

Next Steps

Pair this with the Security Posture scanner for structural hygiene, and push results to Vibgrate Cloud with vg push for team-wide trend tracking.

Prerequisites

  • A project repository
  • Vibgrate CLI installed

Steps

  • 1
    Install the CLI
  • 2
    Run the scan
  • 3
    Review OWASP categories
  • 4
    Export for triage
  • 5
    Gate the pipeline

Category

Vibgrate