Rule sets for Go, Scala, CSS

Must-share information (formatted with Markdown):

  • which versions are you using: SonarQube 8.9.2.
  • what are you trying to achieve: I’m trying to analyse the vulnerabilities for Go, Scala and CSS. But found that the rules set are limited. Is there a plan to include more rules?
  • what have you tried so far to achieve this: try to find 3rd party scanners for those languages.

Hi,

We may add some rules for those languages in the coming year, but they’re not currently at the top of our list. Do you have anything in particular in mind?

 
Ann

Hi Ann,

Thanks. Is there a timeline already for these? For Go, currently using gosec so probably along this. OWASP top 10, CVEs.

Hi,

Thanks for sharing. Sorry, no timeline.

 
Ann