After upgrading SonarQube from the Community to the Developer license, I have noticed that more vulnerabilities were found on Java projects, but on JavaScript and TypeScript projects the number of vulnerabilities is the same.
I've reviewed the vulnerability rules in both the Community and Developer versions of SonarQube for JavaScript and TypeScript, and the Developer version has more rules, but for some reason they are ignored (I intentionally introduced a vulnerability that violates the tssecurity:S6105 rule and it wasn't caught).
With sonar.verbose=true I have noticed in the scanner log that those rules are "not read":
INFO: Analyzing 14419 ucfgs to detect vulnerabilities.
DEBUG: Resource file jssecurity/sources/S2076.json was not read
DEBUG: Resource file jssecurity/sources/S2078.json was not read
DEBUG: Resource file jssecurity/sources/S2083.json was not read
DEBUG: Resource file jssecurity/sources/S2091.json was not read
DEBUG: Resource file jssecurity/sources/S2631.json was not read
DEBUG: Resource file jssecurity/sources/S3649.json was not read
DEBUG: Resource file jssecurity/sources/S5131.json was not read
DEBUG: Resource file jssecurity/sources/S5135.json was not read
DEBUG: Resource file jssecurity/sources/S5144.json was not read
DEBUG: Resource file jssecurity/sources/S5145.json was not read
DEBUG: Resource file jssecurity/sources/S5146.json was not read
DEBUG: Resource file jssecurity/sources/S5147.json was not read
DEBUG: Resource file jssecurity/sources/S5167.json was not read
DEBUG: Resource file jssecurity/sources/S5334.json was not read
DEBUG: Resource file jssecurity/sources/S5335.json was not read
DEBUG: Resource file jssecurity/sources/S5696.json was not read
DEBUG: Resource file jssecurity/sources/S5883.json was not read
DEBUG: Resource file jssecurity/sources/S6096.json was not read
DEBUG: Resource file jssecurity/sources/S6105.json was not read
DEBUG: Resource file jssecurity/sources/S6287.json was not read
DEBUG: Resource file jssecurity/sources/S6350.json was not read
Does anyone know why those rules are ignored?
I am using:
SonarQube server 9.2.4
SonarScanner 4.6.0.2311