SonarQube is a really good product - I gave it a try and I was amazed, thank you!
I tried to test its security capabilities. I took an intentionally vulnerable web application, OWASP JuiceShop, and tried to scan it with SonarQube. To my surprise, there were almost no security issues detected. You can find the scan results here. I used the regular scanner, installed via brew on my local Mac.
A list of all the security issues in JuiceShop can be found here. Can you help me understand what issues can be detected by SonarQube? I would expect to see XSS/NoSQL/SQL injections at least reported…