OWASP 2021 - A6 rules

We are using Sonarqube 9.9 enterprise edition deployed as a docker container and have recently been looking closer at some of the security rules. We noted specifically on some of our scans that the A6 - Vulnerable and Outdated Components cateogry of the security report simply shows a - sign, as if nothing was evaluated for it. We are currently just using the “SonarWay” quality profiles.

Looking at the Rules tab and filtering down to the A6 rules, it returns 19 rules. However, they only cover C/C++, Java, Objective-C. Are there no rules available for other languages (C#, TypeScript, etc)?


Welcome to the community!

That - means we simply don’t have any relevant rules for those languages.