Must-share information (formatted with Markdown):
- which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
Community Edition Version 8.9 (build 43852) - what are you trying to achieve
I added a simple servlet applications, i was expecting that it should caught some security vulnerabilities but i am getting zero vulnerabilities - what have you tried so far to achieve this
Only basic setup is done.
I am able to do XSS attack on top of my application but it is not caught.
I added a javaruntime code to get the sever details, its a vulnerability to expose.
I added username and password in plain text in JSP even thought its a minor issue, but still it is a vulnerability which is not caught
Can you please suggest do i need to do any other setup to caught this kind of vulnerabilities?
regards,
Mahesh.