Not Equal Sonarqube Rule Count to SonarSource

kanarya · September 17, 2020, 2:20pm

Hi all,
I am trying to take a report Sonarqube. But I realized that Sonarqube’ rules and tag types are not same for C# compared to SonarScanner(1).By the way, the report doesn’t provide same output compared to other static analysis tools. How can I equate?For example, Sonarqube I used, has 384 rules while SonarScanner has 393 rules for C#. Moreover,

Sonarqube I used, has no “injection” tag in Rules tab while SonarScanner has it.
Sonarqube I used, has 50 rules in “cwe” tag, but SonarScanner has 59 rules.
etc.

Note: The sonar version I used: 8.2(Also, I am examined 8.4 version but unfortunately, it has these issues)

1- C# static code analysis: HTTP responses should not be vulnerable to session fixation

Kindly help me in this regard.
Thanks in advance.

ganncamp · September 17, 2020, 7:34pm

Hi,

Welcome to the community!

I believe this thread might help.

Ann

kanarya · September 24, 2020, 8:55am

Thank you. I hope Sonarqube 8.5 release is available as soon as possible

Topic		Replies	Views
Rule Count Discrepancy in SonarSource vs SonarQube SonarQube Server / Community Build sonarqube , rules , sonarqube-cloud	1	893	June 15, 2021
Rules Count is Wrong SonarQube Server / Community Build sonarqube , rules	3	790	November 18, 2020
SonarSource C# Ruleset SonarQube Server / Community Build csharp , sonarqube , security	1	1047	October 9, 2019
SonarQube Vulnerabilities differ in different environment for C# Default Ruleset SonarQube Server / Community Build sonarqube	1	15	August 1, 2024
Sonarsource rules vs Sonarqube rules SonarQube Server / Community Build	3	1271	June 20, 2019

Not Equal Sonarqube Rule Count to SonarSource

Related topics