Hi, we are working on a project and have a requirement to comply with NIST 800-53. I don't believe SonarQube maps found issues to NIST 800-53. Is this something in the roadmap or are there any plug-ins that could help?
Thanks.
Hi,
The CloudFormation plugin (GitHub - Hack23/sonar-cloudformation-plugin: Sonar cloudformation plugin) maps the rules from cfn-nag to NIST 800-53 and adds tags on the rules.
In some cases there exists a mapping between CWE IDs → 800-53; have a look at sonar-cloudformation-plugin/cloudformation-rules.xml at master · Hack23/sonar-cloudformation-plugin · GitHub
But there is no official support in SonarQube now. I would also like to have more security standards supported.
Best regards
Thanks, James
regards,
Luis