Hi,
I came across a scenario wherein I pasted the same code that is mentioned as non-compliant code under the JavaScript section (below is the sample) and invoked a scan through CI/CD. SonarQube covered those lines of code in scanning but didn't highlight them as a vulnerability.
```javascript
const express = require('express');
const passport = require('passport');
const app = express();

app.post('/login',
  passport.authenticate('local', { failureRedirect: '/login' }),
  function(req, res) {
    // Sensitive - no session.regenerate after login
    res.redirect('/');
  });
```
- Please suggest if there's any change required in the configuration to ensure non-compliant code is highlighted after the scan is over.
- What capability is missing in SonarQube to successfully scan React Native code?
Thanks and regards,
Vishal