We’ve recently updated our SonarQube integration to pull in the results of the updated vulnerability scanning - the vulnerabilities and security hotspots. It is currently a plugin but will be rolled into the main build shortly. If you want to take a look could you please shoot me an email dan at denimgroup dot com or just fill out the contact form at https://threadfix.it/contact/ and mention me/SonarQube in the comments.
sorry for late response, had been on a business trip.
Just wondering why Sonarqube support is not reflected at https://threadfix.it/integrations/ !?
If this is still work in progress i prefer to evaluate the final good.
Why has https://github.com/denimgroup/threadfix been archived, did you switch from
open source to closed source ?
Yeah we need to get the SonarQube/SonarSource integration listed on the integrations page. I’ll ping the folks who maintain the site.
Also we stopped actively maintaining the open source version of ThreadFix a couple of years ago in order to focus on the commercial edition. The economics of the dual open/commercial versions just weren’t working out for us so we chose to focus on the commercial side.