We are currently evaluating SonarQube for our developers and they had a couple of questions. I was hoping that someone may be able to shed some light on some answers. Thanks in advance.
How to easily re-test within the GUI? Or does this always need to be done via Command Prompt?
How to add / remove rules?
What dictates Pass, Failure etc…?
Is higher level reporting available, e.g. encompass review of all projects to see common vulnerabilities / hotspots etc.?
Ability to export reports to file?
Can user setup be configured by user / team, so that you only see your own / your team's checks?
  - How often?
  - Where do the updates come from? OWASP etc.?
Ability to integrate with GitLab / PITSS etc.
  - Scan project from GitLab?