React Native SAST


I came across a scenario wherein I pasted the same code that is mentioned as non-compliant code under the JavaScript section (sample below) and invoked a scan through CI/CD. SonarQube covered those lines of code in the scan but did not highlight them as a vulnerability.

```javascript
'/login',
passport.authenticate('local', { failureRedirect: '/login' }),
function(req, res) {
  // Sensitive - no session.regenerate after login
```

  1. Please suggest if there is any change required in the configuration to ensure the non-compliant code is highlighted after the scan is over.
  2. What capability is missing in SonarQube to successfully scan React Native code?

Thanks and regards,

Hello Vishal,

Thank you for your feedback.

In order to help you, I would really appreciate it if you could clarify which rule the mentioned non-compliant code you are referring to comes from, as it does not raise a vulnerability.

Thank you,