Rules available in which Sonarqube edition

Hi,

I’m using SonarQube 7.9.1 Community Edition. Now I got notice of an injection vulnerability in Java via Paths.get() and wondered why SonarQube doesn’t report an issue on my code. According to the rules explorer a rule exists: https://rules.sonarsource.com/java/RSPEC-2083 and it should be available in SonarQube, but I cant find it in my own SonarQube instance.

Is there a way I can tell from the rules explorer for a specific rule in which edition this rule is available?

Hi @fxmi,

As expressed in these other threads:

• Can’t find rule S2078, S2076
• Rule S2083 is not found in the server’s rules list
• Can not find injection attacks rules for Java on SonarQube Community edition

These rules about detection of injection especially are only available for our commercial editions of SonarQube, or for Open Source project on SonarCloud. You consequently won’t find them in the community edition.

HTH,
Carine