I am using SonarQube 6.7.4 and having a hard time finding out the CWE rules which are detectable through SonarQube.
Search under Rules does not show anything, while “cwe” as a tag displays all CWE rules, but to check for CWE ids, I will have to open every single rule from the list.
One example - “NullPointerException” should not be caught - refers to CWE-395, and I can see the linkage when I open the rule, but I would like to search by the id directly (CWE-395) to save time.
A similar feature is already available for OWASP Top 10 vulnerabilities. Under tags, I can type owasp-a1 or owasp-a2 to see rules directly related to them. A similar search capability for CWE ids (e.g. CWE-395, CWE-89) or even for CERT rules (e.g. EXP03-J, EXP50-J) would be a great value add.