Hi Ann, again, thanks for responding and detailing the options.
Here’s the scenario.
Our sonarqube server sits inside our test dev environment, which requires certain security hurdles to get into.
The project team have access to the environment, but the clients don’t. Organising giving them access, and then managing that access, wouldn’t be a small piece of work.
At the moment the clients ‘seem’ to be okay with us passing on the Executive Summary, but they’re own internal security team are becoming a lot more engaged of late(hooray), and I can easily imagine them asking me for a more detailed report than the Executive Summary.
From your response, I think the best way forward for me would be as follows.
If the internal security team need more information other than the Executive Report, then I think there’s 2 options
- Setup access to the environment for them, and calculate all the associated costs involved with that
- Create our own report out of the web services you’ve mentioned(“and there are web services you can use to pull the data for manual assembly”), and calculate all the costs involved with that.
Have you got any more information about the web services we could use to pull the data for manual assembly? just in case?
Thanks again Ann