I have modified the C++ Plugin 1.3.2 in order to implement a new parser to scan an XML report. I run SonarScanner to scan this XML report, which is generated by a third-party source code analysis tool.
I have also included a new XML rule map to create a new repository based on this third party rules set.
I am using:
- Sonarqube Community Edition Version 7.9.3
- SonarScanner 126.96.36.1992
- C++ (Community) Plugin 1.3.2 modified to include my own parser
The new rules set is included in the SonarQube coding rules page as a new repository with the fields properly assigned (e.g. severity, type, …).
Below is an example of the fields which I set for each rule in the XML rules map file:

    <rule>
      <key>CWE-119-a</key>
      <name>Avoid accessing arrays out of bounds</name>
      <description>Avoid accessing arrays out of bounds</description>
      <tag>cwe</tag>
      <internalKey>CWE-119-a</internalKey>
      <severity>CRITICAL</severity>
      <type>VULNERABILITY</type>
      <remediationFunction>LINEAR</remediationFunction>
      <remediationFunctionGapMultiplier>5min</remediationFunctionGapMultiplier>
    </rule>
My question is how I can set up some of the rules to fall into the "Security category" tab.
I do not know whether a built-in tag must be used or whether there is another field that I am not using which controls this behaviour.
I have been reviewing the Sonar Docs about this topic, but I do not find anything.
Thanks in advance.
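As an added example (not part of the post above, and not code from SonarSource or the C++ Community plugin), the following Python script parses a rule map in the format quoted in the post and sanity-checks it before deployment: it verifies that the severity and type values are among those SonarQube 7.9 accepts, and flags VULNERABILITY rules that carry only a bare "cwe" tag and no numbered tag. The numbered-tag check rests on an assumption stated in the code: that a tag of the form cwe-<number> is what links a rule to a specific CWE identifier, whereas a bare "cwe" tag carries no identifier. The sample rule map is constructed; its first rule is the one from the post, the second is hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample rule map. The first rule is the one quoted in the post;
# the second is a hypothetical rule that also carries a numbered CWE tag.
SAMPLE_RULES_XML = """<?xml version="1.0" encoding="UTF-8"?>
<rules>
  <rule>
    <key>CWE-119-a</key>
    <name>Avoid accessing arrays out of bounds</name>
    <description>Avoid accessing arrays out of bounds</description>
    <tag>cwe</tag>
    <internalKey>CWE-119-a</internalKey>
    <severity>CRITICAL</severity>
    <type>VULNERABILITY</type>
    <remediationFunction>LINEAR</remediationFunction>
    <remediationFunctionGapMultiplier>5min</remediationFunctionGapMultiplier>
  </rule>
  <rule>
    <key>CWE-120-a</key>
    <name>Hypothetical rule with a numbered CWE tag</name>
    <description>Constructed example rule</description>
    <tag>cwe</tag>
    <tag>cwe-120</tag>
    <internalKey>CWE-120-a</internalKey>
    <severity>MAJOR</severity>
    <type>VULNERABILITY</type>
  </rule>
</rules>
"""

# Severity and type values SonarQube 7.9 accepts in rule definitions.
VALID_SEVERITIES = {"INFO", "MINOR", "MAJOR", "CRITICAL", "BLOCKER"}
VALID_TYPES = {"BUG", "VULNERABILITY", "CODE_SMELL", "SECURITY_HOTSPOT"}

# Assumption: a tag shaped like cwe-<number> is what ties a rule to a CWE id;
# a bare "cwe" tag names no identifier at all.
CWE_TAG = re.compile(r"^cwe-(\d+)$")


def load_rules(xml_text):
    """Parse a rule map and return one dict per <rule> element."""
    root = ET.fromstring(xml_text)
    rules = []
    for r in root.findall("rule"):
        rules.append({
            "key": r.findtext("key"),
            "severity": r.findtext("severity"),
            "type": r.findtext("type"),
            "tags": [t.text.strip() for t in r.findall("tag") if t.text],
        })
    return rules


def cwe_ids(rule):
    """Numbered CWE ids found among the rule's tags, e.g. ['120']."""
    return [m.group(1) for m in map(CWE_TAG.match, rule["tags"]) if m]


def check_rules(rules):
    """Return (rule key, problem) pairs for rules that would not load cleanly
    or that declare a vulnerability without naming a CWE id."""
    findings = []
    for rule in rules:
        if rule["severity"] not in VALID_SEVERITIES:
            findings.append((rule["key"], f"unknown severity {rule['severity']!r}"))
        if rule["type"] not in VALID_TYPES:
            findings.append((rule["key"], f"unknown type {rule['type']!r}"))
        if rule["type"] == "VULNERABILITY" and not cwe_ids(rule):
            findings.append((rule["key"], "no cwe-<number> tag"))
    return findings


if __name__ == "__main__":
    for key, problem in check_rules(load_rules(SAMPLE_RULES_XML)):
        print(f"{key}: {problem}")
```

Run against a real rule map by replacing SAMPLE_RULES_XML with the file contents; every rule the script reports is one whose tags or field values are worth reviewing before the repository is loaded into SonarQube.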