Our team is using SonarQube for Java projects. We are using the Community version for checking code coverage, duplications and bugs, and we also want to track vulnerabilities through the Community version. Is it possible, and if yes, how can we achieve this?
Hi,
Welcome to the community!
You can detect some vulnerabilities with the Community Edition, but for the “good” ones (found with taint analysis) you’ll need to upgrade to at least Developer Edition ($).
HTH,
Ann
Can you please help me with an example snippet of how to integrate SonarQube with a Jenkins pipeline, so that we detect vulnerabilities from the Community version as well?
Hi,
Presumably, you’ve already got all the integration you need running. You just need to make sure the appropriate Vulnerability rules are enabled in your Quality Profile. By default, they’re already on in Sonar way profiles, so you’re likely good to go.
HTH,
Ann
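For readers who want the snippet the question asks for, here is a declarative Jenkinsfile added as an example; it is not from this thread or from SonarSource. It assumes the SonarQube Scanner for Jenkins plugin is installed, a server named `sonarqube-ce` is configured under Manage Jenkins > System, tool installations named `jdk17` and `maven3` exist, and the project key `my-java-project` (all assumed names). Which vulnerabilities get reported is decided entirely by the Quality Profile on the server, so nothing in the pipeline enables or disables them; the pipeline only runs the analysis and, optionally, fails the build when the Quality Gate fails.

```groovy
pipeline {
    agent any
    tools {
        // Tool installation names as configured under Manage Jenkins > Tools (assumed names)
        jdk 'jdk17'
        maven 'maven3'
    }
    stages {
        stage('Build and test') {
            steps {
                // Runs unit tests first so coverage (if jacoco-maven-plugin is in the pom)
                // is available to the analysis alongside the source code
                sh 'mvn -B clean verify'
            }
        }
        stage('SonarQube analysis') {
            steps {
                // 'sonarqube-ce' is the server name configured in Jenkins (assumed);
                // withSonarQubeEnv injects the server URL and analysis token for the scanner
                withSonarQubeEnv('sonarqube-ce') {
                    sh 'mvn -B sonar:sonar -Dsonar.projectKey=my-java-project'
                }
            }
        }
        stage('Quality gate') {
            steps {
                // Waits for the server to finish processing the report and fails the build
                // if the gate (e.g. a condition on new Vulnerabilities) is not met.
                // Requires a webhook on the SonarQube side pointing at <jenkins-url>/sonarqube-webhook/
                timeout(time: 10, unit: 'MINUTES') {
                    waitForQualityGate abortPipeline: true
                }
            }
        }
    }
}
```

If the analysis runs but no Vulnerabilities appear, the place to look is the server, not the pipeline: check that the project is analysed with a profile (Sonar way by default) in which the Java Vulnerability rules are active, and that the analysed source roots are the ones containing the code you expect issues in.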
From where can I get the list of vulnerabilities that are detected in the Community Edition?
Hi,
Sorry, but I don’t understand the question.
Vulnerabilities are raised as Issues. So… check the Issues page?
HTH,
Ann
My question is: there are some criteria such that only a few vulnerabilities can be detected in the Community version. I want to know what all these vulnerabilities are that we can detect in the Community version.
Due to some configuration problem or some other issue, we are not able to detect any vulnerabilities in SonarQube. We want clarification on whether the vulnerabilities present in our code are among those which can be detected in the Community version; that’s why we are looking for the list of vulnerabilities detectable in the Community version.
Hi,
I can only point you to the Vulnerability rules. They should help you understand what can be detected with them.
Ann
Yes, please help me in getting the vulnerability rules. Can you please share the document from where I can get this?
Hi,
The document is your SonarQube Rules page. It’s in the top menu.
HTH,
Ann
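The Rules page and the Issues page mentioned in the answers above are backed by the SonarQube Web API, so the list of Vulnerability rules active in a project's Java profile, and the open Vulnerability issues on that project, can also be pulled with a script. The Groovy script below is an added example, not code from this thread or from SonarSource; it uses the `api/qualityprofiles/search`, `api/rules/search` and `api/issues/search` endpoints with a user token sent as the Basic-auth user name. The server URL, token and project key are placeholders, and the JSON it parses at the end is a constructed sample response so that the parsing part runs offline; the `fetchReport` function performs the real calls.

```groovy
import groovy.json.JsonSlurper

// Performs an authenticated GET against the SonarQube Web API and returns the parsed JSON body.
Object apiGet(String baseUrl, String token, String path, Map<String, String> params) {
    String query = params.collect { k, v ->
        "${URLEncoder.encode(k, 'UTF-8')}=${URLEncoder.encode(v, 'UTF-8')}"
    }.join('&')
    HttpURLConnection conn = new URL("${baseUrl}${path}?${query}").openConnection() as HttpURLConnection
    // A SonarQube token is sent as the Basic-auth user name with an empty password
    String basic = "${token}:".bytes.encodeBase64().toString()
    conn.setRequestProperty('Authorization', "Basic ${basic}")
    if (conn.responseCode != 200) {
        throw new IOException("SonarQube API ${path} returned HTTP ${conn.responseCode}")
    }
    return new JsonSlurper().parse(conn.inputStream)
}

// Key of the Java quality profile actually applied to the project (default profile if none assigned).
String javaProfileKey(Object profilesResponse) {
    return profilesResponse.profiles.find { it.language == 'java' }?.key
}

// Reduces a rules/search response to the rule key, name and severity of each Vulnerability rule.
List<Map> activeVulnerabilityRules(Object rulesResponse) {
    return rulesResponse.rules.findAll { it.type == 'VULNERABILITY' }
                              .collect { [key: it.key, name: it.name, severity: it.severity] }
}

// Counts open Vulnerability issues per rule, so you can see which detectable rules actually fired.
Map<String, Integer> openVulnerabilitiesByRule(Object issuesResponse) {
    return issuesResponse.issues.groupBy { it.rule }
                                .collectEntries { rule, list -> [(rule): list.size()] }
}

// Live report for one project (assumed placeholders for server, token and project key).
Map fetchReport(String baseUrl, String token, String projectKey) {
    def profiles = apiGet(baseUrl, token, '/api/qualityprofiles/search',
                          [project: projectKey, language: 'java'])
    String qp = javaProfileKey(profiles)
    // ps=500 is the page-size maximum; add p=2,3,... if "total" in the response exceeds 500
    def rules = apiGet(baseUrl, token, '/api/rules/search',
                       [languages: 'java', types: 'VULNERABILITY', activation: 'true', qprofile: qp, ps: '500'])
    def issues = apiGet(baseUrl, token, '/api/issues/search',
                        [componentKeys: projectKey, types: 'VULNERABILITY', resolved: 'false', ps: '500'])
    return [profile: qp, rules: activeVulnerabilityRules(rules), open: openVulnerabilitiesByRule(issues)]
}

// Constructed sample responses in the shape of the real API (values invented for this example)
String sampleRules = '''{"total":2,"p":1,"ps":500,"rules":[
  {"key":"java:S4423","name":"Weak SSL/TLS protocols should not be used","severity":"CRITICAL","type":"VULNERABILITY"},
  {"key":"java:S5542","name":"Encryption algorithms should be used with secure mode and padding scheme","severity":"CRITICAL","type":"VULNERABILITY"}]}'''
String sampleIssues = '''{"total":2,"issues":[
  {"key":"sample-issue-1","rule":"java:S4423","severity":"CRITICAL","type":"VULNERABILITY",
   "component":"my-java-project:src/main/java/TlsClient.java","line":42,"message":"sample message","status":"OPEN"},
  {"key":"sample-issue-2","rule":"java:S4423","severity":"CRITICAL","type":"VULNERABILITY",
   "component":"my-java-project:src/main/java/Mailer.java","line":17,"message":"sample message","status":"OPEN"}]}'''

def slurper = new JsonSlurper()
println 'Vulnerability rules active in the profile (sample):'
activeVulnerabilityRules(slurper.parseText(sampleRules)).each { println "  ${it.key}  ${it.severity}  ${it.name}" }
println 'Open vulnerabilities by rule (sample):'
openVulnerabilitiesByRule(slurper.parseText(sampleIssues)).each { rule, n -> println "  ${rule}: ${n}" }

// To run against a real server (placeholders, replace before use):
// println fetchReport('https://sonarqube.example.com', 'REPLACE_WITH_TOKEN', 'my-java-project')
```

The useful comparison is between the two lists: if `activeVulnerabilityRules` comes back empty for the project's profile, the problem is the profile (the Vulnerability rules are deactivated or a custom profile without them is assigned to the project); if rules are active but `openVulnerabilitiesByRule` is empty, either the code does not contain patterns those rules look for or the analysis is not covering the relevant sources. Taint-analysis rules are not part of the Community Edition rule set at all, so they never show up in the first list there.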