I want to evaluate some aggregator tools like
DefectDojo https://www.defectdojo.org/ and
WRT to the Sonarqube integration:
Do you have practical experience with these tools?
The timestamp of the ThreadFix documentation of the Sonar plugin is rather old = 2017, it seems the development has stalled!?
What’s the status of https://jira.sonarsource.com/browse/MMF-1672 ?
Also checked https://github.com/DefectDojo/django-DefectDojo/issues/810 , but it’s still not clear
whether SonarQube integration works.
I’m Dan Cornell from Denim Group / ThreadFix.
We’ve recently updated our SonarQube integration to pull in the results of the updated vulnerability scanning - the vulnerabilities and security hotspots. It is currently a plugin but will be rolled into the main build shortly. If you want to take a look could you please shoot me an email dan at denimgroup dot com or just fill out the contact form at https://threadfix.it/contact/ and mention me/SonarQube in the comments.
Sorry for the late response, I had been on a business trip.
Just wondering why SonarQube support is not reflected at https://threadfix.it/integrations/ !?
If this is still work in progress, I prefer to evaluate the final good.
Why has https://github.com/denimgroup/threadfix been archived, did you switch from
open source to closed source?
Yeah we need to get the SonarQube/SonarSource integration listed on the integrations page. I’ll ping the folks who maintain the site.
Also we stopped actively maintaining the open source version of ThreadFix a couple of years ago in order to focus on the commercial edition. The economics of the dual open/commercial versions just weren’t working out for us so we chose to focus on the commercial side.
As I also didn’t find JFrog Artifactory and XRay on the integration page, are these supported?
We don’t have native integrations with those yet, but it should be pretty easy to convert their results to our .threadfix file format:
You’d use the “DEPENDENCY” vulnerability type for the results.
You also have to add a new scanner type - docs for that are here:
Thanks for the update. For further questions I’ll go via threadfix/contact.