DOD 800-53 support

Hi, we are working on a project and have a requirement to comply with NIST 800-53. I don’t believe SonarQube maps found issues to NIST 800-53. Is this something in the roadmap or are there any plug-ins that could help?

thanks.

Hi,

The CloudFormation plugin (GitHub - Hack23/sonar-cloudformation-plugin: Sonar cloudformation plugin) maps the rules from cfn-nag to NIST 800-53 and adds tags on the rules.

In some cases there exists a mapping between CWE IDs → 800-53; have a look at sonar-cloudformation-plugin/cloudformation-rules.xml at master · Hack23/sonar-cloudformation-plugin · GitHub

But there is no official support in SonarQube now. I would also like to have more security standards supported.

Best regards

thanks, James

regards,
Luis