Currently using SonarQube 8.0, sonar-scanner-cli-4.2 on Windows (but this is more of a general question).
I'm a student currently writing a thesis about SAST tools. I'm interested in how SonarQube is keeping itself up to date with new CWA entries, future OWASP and SANS Top listings.
- Does the SonarQube server get regular updates, in regard to the above, that do not consist of upgrading to a next version?
- If yes, how are they distributed?
- Does my SonarQube instance need an internet connection to receive them or are manual installations possible?
- Which OWASP Top 10 version is currently supported?
- Which SANS Top 25 version is currently supported?
- Up until which CWA entry does SonarQube check for?
I tried to find relevant information about this in the docs but could not find any.
I am sorry if this is the wrong place to ask this!
Thank you.
(Excuse me for any grammatical errors. English is not my mother tongue.)