We are configuring new quality profiles for our project in sonarcloud.io. We have the developer edition and are using Bitbucket. We have a project in Go. However, there are zero security hotspot rules available for this. Similarly, for Swift I see only one. How would I go about adding more of these rules?
And welcome to the community!
It’s not possible to add more because we don’t have more yet. Our Go and Swift analyzers don’t have a lot of security rules yet.
We currently only have 2 rules for vulnerabilities and no hotspots in Go.
And 4 rules for vulnerabilities and 1 for hotspots in Swift.
More rules might come once we focus on the security aspect of those two languages but I don’t think it’s on our roadmap for this year.
We are also very interested in having better security rules for Swift, Go, and Kotlin. I have found there is an open ticket for Kotlin rules (https://jira.sonarsource.com/browse/MMF-1920).
In the previous comment you mentioned it is not on the roadmap for this year. Do you have an idea of where adding additional security rules falls on the roadmap and when it will be worked on? Additionally, is there any way to get this moved up the roadmap to be a higher priority?
Thanks for your input and for showing interest in security rules for mobile dev (Swift, Kotlin) and Go.
In 2020, there is no plan to add such rules for these languages and the roadmap is already fully settled for our security engines to raise more accurate results for Java, C#, PHP, Python, JS and C, C++.
Definitely, when talking about what’s coming next in 2021+, languages used in mobile dev are very good candidates.