Security vulnerabilities

Hello,
Can we add information from a “Nessus” type tool or another open source tool to the SonarQube report?
Thank you for your reply.

Hi,

Google tells me Nessus scans computers. SonarQube analyzes source code. You could try to convert your Nessus reports to e.g. the Generic Issue Import Format, but you’d be missing which source file in which project to hang each issue off of.

If you really must do this, then I suppose you could create a dummy project for each computer and hang the issues off the project itself. But the user experience for project-level issues isn’t great.

It seems like a real stretch to me.

Ann

Hi,

I am not especially looking to test the OS, but rather the vulnerabilities of the application (in the meantime I found the wapiti tool).

Is it therefore possible to provide a report to SonarQube?

Hi,

Assuming you’re also analyzing the source code of the application, then the Generic Issue import that I mentioned above should work.

HTH,
Ann
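To illustrate what the two replies above describe (converting a DAST report into the Generic Issue Import Format, and the problem that such a report names URL paths rather than source files), here is an added converter that is not part of the thread or of SonarQube/wapiti. The wapiti report is a constructed sample in the shape I assume wapiti's JSON export takes (`vulnerabilities` keyed by category, each finding with `path`, `parameter`, `info`, `level`); the route-to-source-file map and the severity threshold are assumptions you would adjust for your own project.

```python
import json
from typing import Dict, List, Tuple

# Constructed sample shaped like a wapiti JSON report (assumed layout).
SAMPLE_WAPITI_REPORT = {
    "vulnerabilities": {
        "SQL Injection": [
            {"method": "GET", "path": "/search", "parameter": "q", "level": 2,
             "info": "SQL injection via parameter q"}],
        "Cross Site Scripting": [
            {"method": "GET", "path": "/profile", "parameter": "name", "level": 1,
             "info": "Reflected XSS via parameter name"}],
        "Backup file": [
            {"method": "GET", "path": "/old/config.bak", "parameter": "", "level": 1,
             "info": "Backup file accessible"}],
    }
}

# A DAST scanner only knows URL routes. The analyst has to supply which source
# file handles each route (hypothetical paths); unmapped findings cannot be
# imported, which is exactly the gap the reply above points out.
ROUTE_TO_SOURCE = {"/search": "src/handlers/search.py",
                   "/profile": "src/handlers/profile.py"}


def severity_for(level: int) -> str:
    # Assumption: wapiti's numeric level, anything above 1 treated as CRITICAL.
    return "CRITICAL" if level > 1 else "MAJOR"


def to_generic_issues(report: dict, route_map: Dict[str, str]) -> Tuple[dict, List[str]]:
    """Return (Generic Issue Import document, list of findings left unmapped)."""
    issues, unmapped = [], []
    for category, findings in report.get("vulnerabilities", {}).items():
        for f in findings:
            source = route_map.get(f["path"])
            if source is None:
                unmapped.append(f"{category} at {f['path']}")
                continue
            issues.append({
                "engineId": "wapiti",
                "ruleId": category.lower().replace(" ", "-"),
                "severity": severity_for(f.get("level", 1)),
                "type": "VULNERABILITY",
                # No textRange: the issue attaches at file level, since the
                # scanner cannot tell us the line.
                "primaryLocation": {
                    "message": f"{f['info']} ({f['method']} {f['path']}, parameter '{f['parameter']}')",
                    "filePath": source}})
    return {"issues": issues}, unmapped


if __name__ == "__main__":
    doc, skipped = to_generic_issues(SAMPLE_WAPITI_REPORT, ROUTE_TO_SOURCE)
    with open("wapiti-sonar.json", "w") as fh:
        json.dump(doc, fh, indent=2)
    for s in skipped:
        print("no source mapping, not imported:", s)
```

Point the scanner at the output with `sonar.externalIssuesReportPaths=wapiti-sonar.json` in the analysis of the same project whose source the routes map to; findings printed as unmapped are the ones you would otherwise have no file to hang off.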