SonarQube OWASP Top 10 coverage

What rules and plugins are available to improve secure code analysis for mobile applications and ensure OWASP Top 10 coverage? In particular, how can we detect issues such as hardcoded OAuth credentials, API infrastructure credentials in .env files, non-existent imports, and unencrypted token storage—since these are not currently detected in SonarQube? How can OWASP Top 10 validation be effectively enforced in SonarQube?

Hi,

Welcome to the community!

What language(s) are we talking about here?

Ann