I am evaluating SonarQube Version 7.6 (build 21501) as a static code analysis tool for my company. So far we are happy with the results and features provided by SonarQube, but we came across some questions on how we can update the security rules in SonarQube if there are updates in the OWASP, CWE, WASC, SANS and CERT security standards. I can't find the information on Google.
May I know if there are any plugins for these rules (but I can't find any developed by SonarQube in the marketplace)? Or are the security rules tied to the SonarQube version, so we need to update the SonarQube version if there are any updates in the security standards?
I hope one of you can shed some light on this. Thank you!