Poor result scanning vulnerable application bodgeit


  • I am using SonarQube 6.7.5 with the Sonar Scanner and the FindBugs Plugin.
  • I want a SonarQube report containing multiple vulnerabilities.

I scanned the bodgeit application, which is designed to contain vulnerabilities, but the Sonar Scanner doesn’t find anything but Code Smell. (https://github.com/psiinon/bodgeit)

Is this a normal result?

Thanks for the help!
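For reference, the scanner configuration such a scan relies on: this is an added example, not the poster's configuration and not part of the bodgeit project. FindBugs-based rules inspect compiled bytecode, so the Java analysis needs to be told where the compiled classes and the dependency jars live; with no binaries visible to the analyzer, only source-level rules (such as Code Smell rules) can fire. The project key, the `src` source folder, the `build/classes` output folder and the `lib` jar folder below are assumptions about how bodgeit is laid out and built, not facts taken from the page.

```properties
# sonar-project.properties (added example; paths are assumptions about the bodgeit checkout)
sonar.projectKey=bodgeit
sonar.projectName=BodgeIt Store
sonar.projectVersion=1.0
sonar.sourceEncoding=UTF-8

# Java sources to analyse (assumed location)
sonar.sources=src

# Compiled classes: FindBugs rules operate on bytecode, so the project must be
# built first and this must point at the resulting .class files (assumed location)
sonar.java.binaries=build/classes

# Third-party jars the compiled classes depend on, so symbols resolve (assumed location)
sonar.java.libraries=lib/*.jar
```

Build the project before running `sonar-scanner` from the directory holding this file; if `sonar.java.binaries` points at an empty or missing folder, bytecode-based rules have nothing to analyse and the report will be limited to what source-only rules can detect.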


There are more sophisticated rules available for Java starting in 7.2.

If I were you, I’d try this again with 7.3 and Developer Edition($).