Can sonarqube measure HiTrust compliance


Hi, we are currently using version 8.8. We are trying to check if we could use SonarQube for auditing the code for HiTrust compliance.

Does the Code Scanner include the testing of input validation controls?

Thanks for any help with this.

Hi,

I’m not aware of any functionality around HiTrust.

 
Ann

Hi @ganncamp,

HITRUST stands for the Health Information Trust Alliance. It basically validates the HIPAA (Health Insurance Portability and Accountability Act)-mandated security controls.

Could you please tell us, “Does the Code Scanner include the testing of input validation controls?”

If yes, then which input validation controls and vulnerabilities are supported in SonarQube?

Most of our products are developed in C#/.NET.

Thanks for any help with this.

Hi,

I think you may be asking about taint analysis, which traces untrusted user input and makes sure it’s not used inappropriately. If so, the answer is yes. Taint analysis is available starting in Developer Edition ($).

 
HTH,
Ann