Custom Security Profile

SonarQube 8.9
Hi guys,

Is creating a custom security profile a good practice? What is the best way to do it without having duplicity?


Jair Menezes

Hi Jair,

In fact, it’s not a bad idea. The taint analysis rules would all be on by default (if you’ve got Developer Edition) but some of the other rules may be off by default. Creating a custom profile would allow you to turn them on.

Great question! Inheritance is the way to go here.
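
One way to set up the inheritance described above through the SonarQube Web API, as an added example that is not part of the original thread. The child profile name, the `send` helper, and the `SONAR_URL` / `SONAR_TOKEN` environment variables are assumptions; `Sonar way` is the built-in parent profile.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

SECURITY_TYPES = "VULNERABILITY,SECURITY_HOTSPOT"

def create_child_profile(send, language, parent, child):
    """Create `child`, make it inherit from `parent`, then switch on the
    security rules the parent leaves off. Returns the new profile's key."""
    created = send("api/qualityprofiles/create",
                   {"language": language, "name": child})
    key = created["profile"]["key"]
    # Inheritance: the child tracks the parent's rules, so nothing is copied.
    send("api/qualityprofiles/change_parent",
         {"language": language, "qualityProfile": child,
          "parentQualityProfile": parent})
    # Bulk-activate only security rules not already active in the child.
    send("api/qualityprofiles/activate_rules",
         {"targetKey": key, "languages": language, "types": SECURITY_TYPES,
          "qprofile": key, "activation": "false"})
    return key

def http_sender(base_url, token):
    """Return a send(endpoint, params) function that POSTs to the server.
    A user token goes in as the basic-auth user name with an empty password."""
    auth = base64.b64encode(f"{token}:".encode()).decode()
    def send(endpoint, params):
        req = urllib.request.Request(
            f"{base_url.rstrip('/')}/{endpoint}",
            data=urllib.parse.urlencode(params).encode(),
            headers={"Authorization": f"Basic {auth}"})
        with urllib.request.urlopen(req) as resp:
            body = resp.read()
        return json.loads(body) if body else {}  # change_parent returns no body
    return send

if __name__ == "__main__":
    # SONAR_URL and SONAR_TOKEN are assumed environment variables.
    send = http_sender(os.environ["SONAR_URL"], os.environ["SONAR_TOKEN"])
    print(create_child_profile(send, "java", "Sonar way",
                               "Security (extends Sonar way)"))
```

The token's user needs the "Administer Quality Profiles" permission. Because the child only inherits, rule changes in the parent flow through to it without any duplicated configuration.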