I want to scan my GitHub repo for XSS and SQL injection attacks. My application is based on PHP, JS, HTML and CSS. So my question is: does SonarCloud detect all these vulnerabilities? Please inform me of the process.
Yes, SonarCloud has rules to detect XSS, SQL and other injection vulnerabilities on PHP. Here are the links for the 2 types of vulnerabilities you mentioned:
If your code is hosted on GitHub, then it’s super easy and quick to have your code automatically scanned. You sign up on SonarCloud, and then you follow the tutorial that will guide you. Because your project is made of PHP, JS, HTML and CSS, SonarCloud will take care of scanning your code and you have nothing to configure in your CI.