Sonar way profile - Content

Hi All,

We have the Sonar way profile in our development environment. I just want to confirm what's inside the Sonar way built-in profile. Does this include remediating OWASP Top 10 and other critical vulnerabilities? Also, if there is a reference to look at, it will be helpful.

Any insights will be highly appreciated. Thanks!

Hi,

What we put into the Sonar way profiles are the rules we feel are no-brainers for every developer on 95% of projects. As an example, that generally means omitting framework-specific rules. And it definitely means including security-related rules.

What kind of reference are you looking for?

 
Ann

Hi G Ann,

I am just looking for the rules inside the Sonar way profile related to OWASP, common vulnerabilities or emerging threats.

Hi,

Your best bet for that is to do a search on the Rules page, and use the Security Category search facet.

 
HTH,
Ann