Compliance Mapping

SecIQ automatically maps findings to the OWASP Top 10 and CIS benchmarks. View your live compliance posture in the Findings dashboard.

A01: Broken Access Control

Mapped from SAST rules detecting authorization bypass patterns.

A02: Cryptographic Failures

Weak crypto, hardcoded keys, and insecure TLS configurations.

A03: Injection

SQL injection, XSS, and command injection detected by the SAST engine.

A04: Insecure Design

Architectural risks surfaced through policy exceptions and risk acceptance.

A05: Security Misconfiguration

IaC scanner checks Terraform, Kubernetes, and Dockerfile defaults.

A06: Vulnerable Components

SCA engine matches CVEs against npm, pip, and go.mod dependencies.

A07: Authentication Failures

Secret scanner detects exposed credentials and JWT tokens.

A08: Software Integrity Failures

CI/CD merge gates block builds on critical findings.

A09: Logging Failures

Audit logs capture all security-relevant tenant actions.

A10: SSRF

SAST rules detect server-side request forgery patterns.