Hi everyone,
I have modified the C++ Plugin 1.3.2 in order to implement a new parser to scan an XML report. I run SonarScanner to scan this XML report, which is generated by a third-party source code analysis tool.
I have also included a new XML rule map to create a new repository based on this third-party rule set.
I am using:
- Sonarqube Community Edition Version 7.9.3
- SonarScanner 4.3.0.2102
- C++ (Community) Plugin 1.3.2 modified to include my own parser
The new rule set is included in the SonarQube Coding Rules page as a new repository with the fields properly assigned (e.g. severity, type, …).
Below is an example of the fields which I set for each rule in the XML rule map file:
<rule>
  <key>CWE-119-a</key>
  <name>Avoid accessing arrays out of bounds</name>
  <description>Avoid accessing arrays out of bounds</description>
  <tag>cwe</tag>
  <internalKey>CWE-119-a</internalKey>
  <severity>CRITICAL</severity>
  <type>VULNERABILITY</type>
  <remediationFunction>LINEAR</remediationFunction>
  <remediationFunctionGapMultiplier>5min</remediationFunctionGapMultiplier>
</rule>
My question is: how can I set up some of the rules to fall into the “Security Category” tab?
I do not know whether a built-in tag must be used, or whether there is another field that I am not using that controls this behaviour.
I have been reviewing the Sonar Docs about this topic, but I have not found anything.
Thanks in advance.
David
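An added example, not part of the original post and not code from the C++ (Community) Plugin, showing how the rule above would be registered through the sonar-plugin-api RulesDefinition extension point with security standards attached. The addCwe and addOwaspTop10 methods on RulesDefinition.NewRule are the plugin-API calls that feed the Security Category grouping; the repository key, language key, repository name and the class name are assumptions made for the example, and whether the XML rule-map format accepts an equivalent element is not established here.

```java
import org.sonar.api.rule.RuleStatus;
import org.sonar.api.rule.Severity;
import org.sonar.api.rules.RuleType;
import org.sonar.api.server.rule.RulesDefinition;

// Added example (not from the original post or the plugin): registers the
// third-party rule from the question and attaches security standards to it.
public class ThirdPartyRulesDefinition implements RulesDefinition {

  // Assumed repository and language keys for the example.
  static final String REPOSITORY_KEY = "thirdparty-cpp";
  static final String LANGUAGE_KEY = "c++";

  @Override
  public void define(Context context) {
    NewRepository repo = context.createRepository(REPOSITORY_KEY, LANGUAGE_KEY)
        .setName("Third-party C++ rules"); // assumed display name

    // Same fields as the XML rule map in the question, expressed via the API.
    NewRule rule = repo.createRule("CWE-119-a")
        .setName("Avoid accessing arrays out of bounds")
        .setHtmlDescription("Avoid accessing arrays out of bounds")
        .setInternalKey("CWE-119-a")
        .setSeverity(Severity.CRITICAL)
        .setType(RuleType.VULNERABILITY)
        .setStatus(RuleStatus.READY)
        .setTags("cwe");

    // Security standards. The CWE id is taken from the rule key; this is what
    // lets the rule be filtered under the CWE (and, for CWEs in that list,
    // SANS Top 25) security categories rather than the "cwe" tag alone.
    rule.addCwe(119);

    // Only add an OWASP Top 10 item when the rule genuinely maps to one
    // (assumed optional here, so the call is shown but not made):
    // rule.addOwaspTop10(OwaspTop10.A1);

    // Linear remediation with a 5-minute gap multiplier, as in the XML.
    rule.setDebtRemediationFunction(
        rule.debtRemediationFunctions().linear("5min"));

    repo.done();
  }
}
```

The class is registered like any other extension, from the plugin's Plugin.define() via context.addExtension(ThirdPartyRulesDefinition.class). The point of the example is the separation between the free-form tag ("cwe") and the typed security standards (addCwe, addOwaspTop10): the Coding Rules page's tag filter reads the former, while the Security Category filter is driven by the latter.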