Poor result scanning vulnerable application bodgeit

security
findbugs

(Adrien Guillerme) #1

Hi,

  • I am using SonarQube 6.7.5 with the Sonar Scanner and the FindBugs Plugin.
  • I want a SonarQube report containing multiple vulnerabilities.

I scanned the bodgeit application which is designed to contain vulnerabilities but the Sonar Scanner doesn’t find anything but Code Smell. (https://github.com/psiinon/bodgeit)

Is this a normal result?

Thanks for the help! :slight_smile:
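For anyone reproducing this setup, the one thing worth checking before concluding that the result is normal is that the scanner is actually handed compiled bytecode: the FindBugs plugin analyses `.class` files, not sources, so a run that only sets `sonar.sources` will yield whatever the source-level rules report (typically code smells) and nothing from the FindBugs security detectors. The `sonar-project.properties` below is an added example written for this thread, not a file from the bodgeit project or from SonarSource; the project key, the `build/classes` path and the Java source level are assumptions about a local checkout and must match your own build.

```properties
# Added example, not part of the original thread.
# Identifies the project in SonarQube (assumed values).
sonar.projectKey=bodgeit
sonar.projectName=BodgeIt Store

# Where the SonarQube server listens (assumed default).
sonar.host.url=http://localhost:9000

# Source-level rules read these paths.
sonar.sources=src
sonar.java.source=1.7

# FindBugs works on bytecode: this must point at the compiled classes
# produced by your build. Assumed location; check your own output directory.
sonar.java.binaries=build/classes
```

Run the build first so that the directory named in `sonar.java.binaries` exists, then invoke `sonar-scanner` from the directory holding this file. If the scanner logs a warning that no binaries were found, the FindBugs rules did not execute and the absence of vulnerability findings says nothing about the application.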


(G Ann Campbell) #2

Hi,

There are more sophisticated rules available for Java starting in 7.2.

If I were you, I’d try this again with 7.3 and Developer Edition ($).

Ann