Hello, I would like to inquire about the timeline for SonarQube’s support of security scanning in Python. Additionally, I have been searching for SonarQube rules applicable to Python but have not found any relevant information thus far. Could someone from the community provide clarification on this matter?
After further research, I discovered the repository at GitHub - SonarSource/sonar-python: 🐍 SonarQube Python plugin. Could you please confirm the minimum required version of SonarQube for this plugin? Furthermore, is it possible to execute SonarPython via the command line in a manner similar to SonarScanner? Unfortunately, I have encountered a lack of comprehensive documentation or guides for SonarPython, which has made my search more challenging.
Hi Jaxson,
We already offer security analysis features for Python. Are you looking for something specific?
Coincidentally, you have posted your question just as we have released a pip-installable scanner and before we have announced it or shared documentation. You can be one of the first to try it on PyPI here. It is compatible with SonarQube v10.6 and Python 3.9 and above. If you’re using SonarQube Server v9.9 to v10.5, there is an unsupported BETA version you can try here. It is documented on our official documentation site, which I suggest is the first and best place to look for guides on our tooling.
Alternatively, you can use SonarScanner CLI, which is documented here.
We’d appreciate your feedback on the scanner since it is new.
Jean