which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
SonarQube Version: 9.9.0.65466
how is SonarQube deployed: zip, Docker, Helm
Internal Cloud infrastructure
what are you trying to achieve
While SonarQube scans the Scala code, it finds vulnerabilities which are not the same as those found by the scans executed by other SAST security tools.
what have you tried so far to achieve this?
We have the specific sonar-way ruleset for Scala, and we are wondering how we can get more rules enabled for the Scala language so that the scan has more scope for finding more vulnerabilities.
Hi,
Welcome back.
We don’t have taint analysis rules for Scala, so I’m not surprised there might be some gaps in what we find. That said, it sounds a bit like we’re finding things other analyzers don’t? And if so, wouldn’t that be a good thing?
HTH,
Ann
it sounds a bit like we’re finding things other analyzers don’t? And if so, wouldn’t that be a good thing?
It’s the opposite. Through SonarQube analysis we are detecting fewer vulnerabilities for our Scala-based code than the analysis executed by the other tools.