We've had quite a few requests to include the OWASP Top Ten Id with issues as we do with CWE Ids and WASC Ids.
I believe a contributor is working on the code changed but actually mapping all of our existing alerts will be a non trivial process.
We'll need to include the year as well so I was thiking we'd display something like: "OWASP 2017 A1" etc. So any one issue could potentially map to multiple OWASP IDs across multiple years :/
Would anyone like to help us map the current ZAP issues?
If so then please let me know...
Many thanks,