SonarQube and ISO 5055

Hi,

Do you know about the ISO 5055 (cf :https://www.iso.org/standard/80623.html )?
It is a 2021 standard for automated code quality measurement.
Sonarqube should implement this norm and produce reports to tell the user the quality correctness based on the norm (next to the one based on customized quality rules) so that we could have both the norm quality evaluation and the project/enterprise configured evaluation.

Regards,

Hello,

We are aware of this new ISO document that was published recently, in March 2021.
There is no short term plan to provide a report in SonarQube showing if your software is compliant with this recent standard.

Alex

Hello,

I understand that it is not in short term roadmap since it is quite new but what is it about a more long term like in one year ?
Do you think, in the future, you will invest in this topic ?

Regards,

1 Like

We prefer to invest on providing a good coverage of CWE Top 25 which is refreshed every year and based on data gathered from real past vulnerabilities.

hi there,

i was just skimming through the amount of checks that are listed in this new ISO/IEC Standard (it is quite huge, imo - see here)

i, also, was a bit disappointed about seeing the question @nico7 stated kinda … dodged?

Compliance with a norm might be more persuasive - to some - than providing a good coverage of “community-developed list of software and hardware weakness types” (a.k.a. CWE 25)

So even if you prefer to invest on providing a good coverage of … CWE25 … do you think, in the future, you will invest in this topic?

cheers
Daniel

Hello,

Sorry if I was not clear. We have no plan as of now to provide a report to check if your code is having problems related to the 197 CWEs (I counted) listed in the ISO 5055 document. You can certainly do such report by using the SonarQube API. We also have no plan to implement the metrics defined in the document.

Alex

1 Like

thank you for clarification @Alexandre_Gigleux !
(oh and to @nico7 too, for bringing this ISO norm to my attention :nerd_face: 197 seems like a lot to chew on, actually :sweat_smile: )