Our objective is to identify a specific list of high risk behaviors in source code, along with any hard coded parameters and strings used (whether obfuscated or not), when code is checked in or built. Examples of high risk behaviors include managing processes that are not children of this process, reading files not owned, or writing data to an IP address outside of the local network. Examples of strings potentially hard coded are the IP address or hostname, file name or path, process ID or name, etc.
Examples of source code languages we are interested in include Java, C, C++, Go, and scripting languages like Python and Perl.
Is SonarQube a good base for this?
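To make the requirements concrete, here is an added example of the kind of check the question describes, written for this page rather than taken from the poster or from SonarQube: a small, language-agnostic Python prototype that scans source text line by line for hard-coded endpoints, paths and process ids (plain or base64-obfuscated) and for calls that manage processes, read files or open network connections, then maps what it found onto the three high-risk behaviour classes. The "local network" definition, the call-name table, the domain suffix list and the two sample sources are all assumptions of this example; the sample addresses are from the 203.0.113.0/24 documentation range and the sample hostname from the reserved example.net domain.

```python
"""Prototype source scanner for the behaviours listed in the question (example code).
One regex pass per line, no parsing, so it runs unchanged over Java, C, C++, Go,
Python or Perl files in a pre-commit hook.  All tables below are assumptions."""
import base64
import binascii
import ipaddress
import re
from dataclasses import dataclass

# Assumed definition of "local network": RFC 1918 + loopback + link-local.
# Anything else, including the 203.0.113.0/24 documentation range, is external.
LOCAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOSTNAME_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|io|dev|info)\b", re.I)  # heuristic suffix list
ABS_PATH_RE = re.compile(r"(?<![\w/])/(?:etc|home|root|var|usr|proc)/[\w./-]+")
STRING_RE = re.compile(r'"([^"\n]*)"|\'([^\'\n]*)\'')  # single-line string literals only
BASE64_RE = re.compile(r"^[A-Za-z0-9+/]{8,}={0,2}$")
PID_ARG_RE = re.compile(r"\bkill\s*\(\s*(\d{2,})")      # numeric pid passed straight to kill()

# Call names (C / Python / Go / Java spellings) for the three behaviour classes.
RISKY_CALLS = {
    "process-control": re.compile(r"\b(?:os\.kill|kill|killpg|TerminateProcess|syscall\.Kill)\s*\("),
    "file-read": re.compile(r"\b(?:open|fopen|os\.Open|os\.ReadFile|FileInputStream|FileReader)\s*\("),
    "network-send": re.compile(r"\b(?:connect|sendto|net\.Dial|Socket|HttpURLConnection|urlopen)\s*\("),
}

@dataclass
class Finding:
    source: str
    line: int
    kind: str
    detail: str

def classify_ip(text):
    """'internal' / 'external' for a valid IPv4 literal, None for non-addresses."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:  # e.g. "999.1.1.1" or a version number such as "2.0.1.500"
        return None
    return "internal" if any(ip in net for net in LOCAL_NETWORKS) else "external"

def decode_base64(literal):
    """Decoded text if the literal is base64 of printable ASCII, else None."""
    if not BASE64_RE.match(literal):
        return None
    try:
        text = base64.b64decode(literal, validate=True).decode("ascii")
    except (binascii.Error, ValueError):  # bad padding / non-alphabet / non-ASCII
        return None
    return text if text.isprintable() else None

def literal_findings(literal, tag=""):
    """Yield (kind, detail) for hard-coded endpoints and paths inside one literal."""
    for ip in IPV4_RE.findall(literal):
        where = classify_ip(ip)
        if where:
            yield f"{where}-ip{tag}", ip
    for host in HOSTNAME_RE.findall(literal):
        yield f"hostname{tag}", host
    for path in ABS_PATH_RE.findall(literal):
        yield f"abs-path{tag}", path

def scan_source(text, source="<memory>"):
    """Return every finding in the text; line numbers are 1-based."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for m in STRING_RE.finditer(line):
            lit = m.group(1) if m.group(1) is not None else m.group(2)
            found = list(literal_findings(lit))
            decoded = decode_base64(lit)
            if decoded:  # obfuscated constant: re-scan the decoded plaintext
                found += literal_findings(decoded, " (base64)")
            findings += [Finding(source, n, k, d) for k, d in found]
        for kind, rx in RISKY_CALLS.items():
            findings += [Finding(source, n, kind, m.group(0)) for m in rx.finditer(line)]
        findings += [Finding(source, n, "hard-coded-pid", m.group(1)) for m in PID_ARG_RE.finditer(line)]
    return findings

def high_risk_behaviours(findings):
    """Map findings onto the question's three behaviour classes (assumed pairing rules)."""
    kinds = {f.kind for f in findings}
    def has(prefix):
        return any(k.startswith(prefix) for k in kinds)
    risks = set()
    if "process-control" in kinds and "hard-coded-pid" in kinds:
        risks.add("signals-foreign-process")
    if "file-read" in kinds and has("abs-path"):
        risks.add("reads-hard-coded-path")
    if "network-send" in kinds and (has("external-ip") or has("hostname")):
        risks.add("talks-to-external-endpoint")
    return risks

# Constructed sample inputs for this example (not real code).
SAMPLE_PY = '''\
import os, socket
TARGET = "203.0.113.7"
PEER = "10.0.0.5"
ENC = "MjAzLjAuMTEzLjk="   # base64 of 203.0.113.9
os.kill(4242, 9)
with open("/etc/shadow") as f:
    data = f.read()
s = socket.socket()
s.connect((TARGET, 443))
'''
SAMPLE_C = '''\
#include <signal.h>
const char *host = "updates.example.net";
int main(void) { kill(1337, SIGTERM); FILE *f = fopen("/var/log/auth.log", "r"); return 0; }
'''

if __name__ == "__main__":
    for name, src in (("sample.py", SAMPLE_PY), ("sample.c", SAMPLE_C)):
        fs = scan_source(src, name)
        for f in fs:
            print(f"{f.source}:{f.line}: {f.kind}: {f.detail}")
        print(name, "->", sorted(high_risk_behaviours(fs)) or "no high-risk pattern")
```

Run on the Python sample it reports an external address in the clear, a second one hidden in base64, an RFC 1918 peer, a fixed pid passed to `os.kill`, a read of a fixed system path and a `connect` call, and flags all three behaviour classes; the C sample flags two of them. A checker like this is cheap enough to run on every commit, but it is a line-oriented heuristic: it cannot tell whether the process is a child or the file is owned by the caller, and a hostname built from fragments or decoded at runtime will slip past it. That is where a real static-analysis platform with a per-language AST (the SonarQube plugin model, CodeQL, or Semgrep rules) earns its keep, by resolving what value actually reaches the call.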