Background
- SonarQube
- Developer Edition
- Dockerized
- v10.6 (92116)
Want
I would like to be notified about security vulnerabilities of SonarQube itself. This would include what security fixes an update covers or if available when there is a zero-day attack what are the remedies recommended by SonarSource before a fix is implemented.
Has Been Done
I have looked into SonarSource/Qube websites but haven’t come across something. Yes, there is a blog but…
Preferred
My preferred method would be communication via email as updates are pushed or vulnerabilities are found.
Is there such a channel? Thanks.