SAST RESULTS REPORTS for Compliance

Hello,

We are in a paid plan and we require a report representing the results of the SAST.
I want to print a report from the SAST; the report is required for compliance (evidence). The report's purpose is to serve as evidence that the code has had SAST evaluation and to present the findings. (Similar to a Vulnerability Scan Report or a DAST report. These reports present findings in a readable manner to non-technical auditors.)

Hello @mrod,

Such a feature is not available on SonarCloud, but it is available on SonarQube Enterprise Edition. It’s called “Security Reports” (see https://www.sonarqube.org/features/security/, at the bottom of the page).
There is no plan in 2020 to add such compliance report on SonarCloud.

Regards

Alexandre_Gigleux,
Okay, so I am using https://sonarcloud.io. Are there any APIs that I can use to try and generate my own reports? And is there a way I can see the findings in, say, IntelliJ?

Hello,

SonarCloud provides an API that is documented here: https://sonarcloud.io/web_api/api/issues?query=issues

SonarLint is here to provide immediate feedback for developers in the IDE. It doesn’t yet show all the issues raised by SonarCloud (in particular Security Hotspots and Taint Analysis issues), but that’s still a good way to catch almost all of them before they even exist.

Regards
Alex
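As an added illustration of the "generate your own report" route discussed above (example code, not from SonarSource or any poster in this thread): the script below pages through SonarCloud's `api/issues/search` endpoint for one project and renders the open issues as a plain-text summary an auditor can read. It assumes the query parameters `componentKeys`, `resolved`, `ps` and `p`, the response fields `issues` and `paging.total`, and a user token passed as the basic-auth username; the issue records in `SAMPLE_ISSUES` are constructed so the report builder can run offline. Security Hotspots are served by a separate endpoint and are not fetched here.

```python
"""Build a readable SAST evidence report from SonarCloud's issues web API."""
import base64
import json
import os
import sys
import urllib.request
from collections import Counter

SONARCLOUD = "https://sonarcloud.io"
SEVERITY_ORDER = ("BLOCKER", "CRITICAL", "MAJOR", "MINOR", "INFO")

# Constructed sample, shaped like the "issues" array returned by
# api/issues/search (only the fields this script reads). Rule keys and
# messages are placeholders, not real SonarCloud rule ids.
SAMPLE_ISSUES = [
    {"key": "AX1", "rule": "example:cmd-injection", "severity": "BLOCKER",
     "type": "VULNERABILITY", "component": "example:src/main/java/App.java",
     "line": 42, "message": "Constructed: user input reaches a command."},
    {"key": "AX2", "rule": "example:null-deref", "severity": "MAJOR",
     "type": "BUG", "component": "example:src/main/java/Util.java",
     "line": 17, "message": "Constructed: possible null dereference."},
    {"key": "AX3", "rule": "example:dup-literal", "severity": "MINOR",
     "type": "CODE_SMELL", "component": "example:src/main/java/App.java",
     "line": 8, "message": "Constructed: duplicated string literal."},
]


def fetch_issues(project_key, token, page_size=500):
    """Page through api/issues/search for one project (assumed parameters).

    The token goes in as the basic-auth username with an empty password;
    ps=500 is the largest page size the API accepts (assumption).
    """
    auth = base64.b64encode(f"{token}:".encode()).decode()
    issues, page = [], 1
    while True:
        url = (f"{SONARCLOUD}/api/issues/search?componentKeys={project_key}"
               f"&resolved=false&ps={page_size}&p={page}")
        req = urllib.request.Request(url, headers={"Authorization": f"Basic {auth}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            data = json.load(resp)
        issues.extend(data.get("issues", []))
        if page * page_size >= data.get("paging", {}).get("total", 0):
            return issues
        page += 1


def summarize(issues):
    """Counts of open issues by type and by severity."""
    return {
        "total": len(issues),
        "by_type": dict(Counter(i["type"] for i in issues)),
        "by_severity": dict(Counter(i["severity"] for i in issues)),
    }


def render_report(project_key, issues):
    """Plain-text evidence report: totals first, then findings most severe first."""
    s = summarize(issues)
    out = [f"SAST evidence report: {project_key}",
           f"Open issues: {s['total']}", "", "By type:"]
    for issue_type, n in sorted(s["by_type"].items()):
        out.append(f"  {issue_type:<14}{n}")
    out.append("By severity:")
    for sev in SEVERITY_ORDER:
        if sev in s["by_severity"]:
            out.append(f"  {sev:<14}{s['by_severity'][sev]}")
    out += ["", "Findings (most severe first):"]
    ranked = sorted(issues, key=lambda i: (SEVERITY_ORDER.index(i["severity"]), i["component"]))
    for i in ranked:
        # component keys look like "<projectKey>:<path>"; keep only the path
        path = i["component"].split(":", 1)[-1]
        out.append(f"  [{i['severity']}] {i['type']} {i['rule']} "
                   f"{path}:{i.get('line', '-')}  {i['message']}")
    return "\n".join(out)


if __name__ == "__main__":
    # usage: SONAR_TOKEN=... python sast_report.py <projectKey> > report.txt
    # Without a token the constructed sample is rendered instead.
    key = sys.argv[1] if len(sys.argv) > 1 else "example"
    token = os.environ.get("SONAR_TOKEN")
    data = fetch_issues(key, token) if token else SAMPLE_ISSUES
    print(render_report(key, data))
```

Keep the generated file together with the project key, the date and the analysis task it corresponds to; the report only evidences the state of the project at the time the API was queried, and anything marked resolved or closed in SonarCloud is deliberately excluded by `resolved=false`.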

Do you know where I can find documentation for SonarLint? I am using IntelliJ and I am having a hard time binding the projects to my SonarCloud.

SonarLint - Invalid binding Project bound to an invalid remote project