[NEW RELEASE] sonar-secureflag-plugin 1.0.0


This is a first release of the SecureFlag Knowledge Base for SonarQube plugin. It adds an extra project page that enumerates over SonarQube’s recently detected vulnerabilities and security hotspots, attempting to recommend training labs from the SecureFlag platform and remediation advice from our public knowledge base.

Compatibility: 8.9,8.9.*

SonarCloud: https://sonarcloud.io/project/overview?id=secureflag-training_knowledgebase-for-sonarqube

Link to PR: Release sonar-secureflag-plugin 1.0.0 by bruce-lay · Pull Request #280 · SonarSource/sonar-update-center-properties · GitHub

Homepage URL: SecureFlag Help Center

Download URL: https://github.com/secureflag-training/knowledgebase-for-sonarqube/releases/download/v1.0.0/sonar-secureflag-plugin-1.0.0.jar

Changelog: https://github.com/secureflag-training/knowledgebase-for-sonarqube/releases/download/v1.0.0/CHANGELOG

If it is the first release of the plugin, please mention that the plugin should be added to the Plugin Library page. (Otherwise, we’re likely to forget!)

For playing around with, I used GitHub - msdousti/OWASP-Java: A seriously flawed Java project for teaching "OWASP Top 10 - 2017" concepts.

Hope I’ve done it correctly, looking forward to your feedback :slightly_smiling_face:


Hi Bruce,

This is on my list. I should be able to get back to you soon.



So first, congrats on your plugin!

Unfortunately, we’re not going to be able to add it to the Marketplace. While it passes most of the bureaucratic requirements, it fails #6. You couldn’t have known that ahead of time since we haven’t talked about it publicly, but we are planning to introduce educational features in the next few months.

That raises the question: if you remove the education, would we add the plugin then? Unfortunately, I wouldn’t be comfortable adding a plugin to the Marketplace that only added links to your password-protected commercial features.

I think this will be useful to your existing customer base, but unfortunately not useful to the community at large.


Hi Ann,

Thanks for taking a look; I see :slightly_frowning_face:, I had considered that the commercial parts might have to be removed, but yes I could not foresee #6!

We’ll release it for our customers instead.



Hi Bruce,

Thanks for being so gracious.

I invite you to come back to us in a year for reconsideration if you think what we’ve introduced on the education front doesn’t clash with your offering.