OWASP Top 10:2025 Support in Snyk API & Web
Snyk API & Web now supports the OWASP Top 10:2025 standard for compliance reporting. Users can generate compliance reports against either OWASP 2025 or OWASP 2021 — both versions remain available.
The OWASP Top 10 is the most widely referenced application security framework globally. It's used by enterprises for compliance programs, audit preparation, security training, and vulnerability prioritization.
The OWASP Top 10:2025 was officially published in November 2025 and is being adopted by enterprises, auditors, and compliance programs now. Organizations need their security tools to support the current standard for audit-ready compliance reports.
Without 2025 support, compliance teams face manual workarounds — exporting findings to spreadsheets and cross-referencing against the new standard — a time-consuming and error-prone process.
What changed in OWASP Top 10 2025:
- Two new categories: A03 (Software Supply Chain Failures) and A10 (Mishandling of Exceptional Conditions)
- Re-ranked categories: Security Misconfiguration moved from #5 to #2; Injection dropped from #3 to #5; Cryptographic Failures dropped from #2 to #4
- SSRF reclassification: Server-Side Request Forgery is now classified under A01 (Broken Access Control) instead of having its own category
You can now generate compliance reports against either OWASP 2025 or OWASP 2021 directly from the Snyk API & Web interface — both versions remain available.
How to use:
1. From the Scan Activity list or from your Scan details, click on the Reports button to expand it
2. Select the OWASP version you need:
   - OWASP Top 10 2025 — for audits, compliance programs, or reporting against the current standard
   - OWASP Top 10 2021 — for historical comparisons or programs that haven't migrated to the 2025 edition yet
3. Generate your report — all findings are automatically mapped to the selected standard
What you'll see:
- Compliance reports are clearly labeled with the selected OWASP version
- Versioned compliance labels throughout the product (target details, scan details, finding details) show which standard a finding is failing to comply with (e.g., OWASP 2025, OWASP 2021)
To learn more, visit "Types of scan reports you can generate with Snyk API & Web" in our user documentation.
Ana Pascoal | Product Manager