Security metric for sonarqube

Template for a good bug report, formatted with Markdown:

  • versions used (SonarQube, Scanner, Plugin, and any relevant extension)
  • error observed (wrap logs/code around triple quote ``` for proper formatting)
  • steps to reproduce
  • potential workaround

P.S.: use the #bug:fault sub-category if you’re hitting a specific crash/error , or the #bug:fp sub-category for rules-related behaviour

Hi Team,

Sonarqube community edition security metric follow the CERT CWE standards or enterprise edition.

Best Regatds,


All SonarQube Editions provide rules that answer to the CWE Top 25, OWASP Top 10 standards. In the Community Edition you have less rules than on the other Editions. Starting at the Developer Edition you have access to all the Security Rules and the Taint Analyzer, providing mainly rules focusing on the OWASP A1 category.

Does-it help? If not, can you clarify your needs?