Addin integration with SonarQube

I am looking for SonarQube plugins to integrate my existing multiple application addins with it, just to automate the vulnerability alert system. Can anyone help me with any service provider or by any other means?

Hi,

Welcome to the community!

It’s really not clear to me what you’re after. Could you elaborate?

 
Ann

Hi Ann,
We are using several application services and addins sourced from third-party vendors such as Microsoft etc. in our base application, which is developed in house. Now it's difficult to track what the vulnerabilities are for each service or solution for a quick fix or version upgrade. We are planning to automate the system by integrating the whole library using a SonarQube plugin, as we have purchased SQ. So we are searching for a service provider who provides an integration service like this. Thanks.

Hi,

Thanks for clarifying. I’m not aware of any service providers, but maybe you’ll hear from someone.

 
Good luck!
Ann

If you can suggest or recommend any other mechanism, that will also work.

Hi,

The details of your situation are still pretty fuzzy for me. The Generic Issue Import Format might be helpful if those 3rd-party systems raise “issues” that can be tied to code.

 
HTH,
Ann
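Added example, not part of the thread and not SonarSource code: a sketch of how findings about third-party addins could be tied to code by anchoring each one to the manifest line that references the component, then written out in the issues-only layout of the Generic Issue Import Format. The manifest, findings, advisory ids and engine name are constructed placeholders; check the field names against the documentation for your SonarQube version.

```python
import json

# Constructed sample: a NuGet-style manifest inside the scanned project.
MANIFEST_PATH = "src/App/packages.config"
MANIFEST_TEXT = """<packages>
  <package id="Vendor.Addin.Mail" version="2.1.0" />
  <package id="Vendor.Addin.Charts" version="5.0.3" />
</packages>
"""
# Constructed findings from a hypothetical advisory feed; ids are placeholders.
FINDINGS = [
    {"component": "Vendor.Addin.Mail", "advisory": "ADVISORY-PLACEHOLDER-1",
     "severity": "high", "fixed_in": "2.1.4"},
    {"component": "Vendor.Addin.Sso", "advisory": "ADVISORY-PLACEHOLDER-2",
     "severity": "critical", "fixed_in": "1.9.0"},
]
SEVERITY_MAP = {"critical": "BLOCKER", "high": "CRITICAL",
                "medium": "MAJOR", "low": "MINOR"}

def manifest_line(manifest_text, component):
    """Return the 1-based line that references the component, or None."""
    for number, line in enumerate(manifest_text.splitlines(), start=1):
        if f'id="{component}"' in line:
            return number
    return None

def to_generic_issues(findings, manifest_path, manifest_text):
    """Return (report dict, findings that could not be tied to a file)."""
    issues, unanchored = [], []
    for f in findings:
        line = manifest_line(manifest_text, f["component"])
        if line is None:  # no code location, so the finding is not importable
            unanchored.append(f)
            continue
        message = (f'{f["component"]} is affected by {f["advisory"]}; '
                   f'upgrade to {f["fixed_in"]} or later')
        issues.append({
            "engineId": "vendor-advisories",  # hypothetical engine name
            "ruleId": f["advisory"],
            "type": "VULNERABILITY",
            "severity": SEVERITY_MAP.get(f["severity"], "MAJOR"),
            "primaryLocation": {"message": message, "filePath": manifest_path,
                                "textRange": {"startLine": line}},
        })
    return {"issues": issues}, unanchored

if __name__ == "__main__":
    report, skipped = to_generic_issues(FINDINGS, MANIFEST_PATH, MANIFEST_TEXT)
    print(json.dumps(report, indent=2), [f["component"] for f in skipped])
```

The resulting JSON file is handed to the scanner through the `sonar.externalIssuesReportPaths` analysis parameter. Findings returned in the second list have no file to attach to and need a different tracking channel.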

Is it possible to help me understand the bitegarden services which are listed in the SonarQube marketplace? I mean, how do they work, in case you have some familiarity with them? They say it is a security plugin for SonarQube. It would be great if I could get a fair idea about it from you.

Thanks

Hi,

As far as I can tell, this plugin layers some reports and additional, interpretation-type metrics on top of the issues raised by SonarQube’s rules. Security reports are available out of the box in SonarQube Enterprise Edition ($$).

 
HTH,
Ann