Poor result scanning vulnerable application bodgeit

AdrienGuillerme · September 4, 2018, 3:50pm

Hi,

I am using SonarQube6.7.5 with the Sonar Scanner and the FindBugs Plugin.
I want a SonarQube report containing multiple vulnerabilities.

I scanned the bodgeit application which is designed to contain vulerabilities but the Sonar Scanner doesn’t find anything but Code Smell. (https://github.com/psiinon/bodgeit)

Is this a normal result ?

Thanks for the help!

ganncamp · September 4, 2018, 6:24pm

Hi,

There are more sophisticated rules available for Java starting in 7.2.

If I were you, I’d try this again with 7.3 and Developer Edition($).

Ann