SonarQube Vulnerabilities Testing

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension): Community Edition Version 8.3 (build 34182)
  • how is SonarQube deployed: AWS EC2 Instance
  • what are you trying to achieve: Want to scan for the tests below with SonarQube scanning
      • SQL Injection vulnerabilities
      • Cross-Site Scripting (XSS)
      • Code Injection Attacks
      • Buffer Overflows
      • Authentication issues
      • Cloud secrets detection
  • what have you tried so far to achieve this: Try to find in current

Hello Team,

We are using Community Edition Version 8.3 (build 34182) of SonarQube in our organization, and we need to scan for the above-mentioned tests, so could you please confirm whether it is possible to test in this edition, because right now I can’t find it while scanning our code.

Hi,

Your version is past EOL. You should upgrade to either the latest version or the current LTS at your earliest convenience. Your upgrade path is:

8.3 → 8.9.10 → 9.9.2 → 10.2.1 (last step optional)

You may find these resources helpful:

If you have questions about upgrading, feel free to open a new thread for that here.

And, advanced vulnerability detection (detecting things like SQL injections, XSS, and Code injection) starts in the Developer Edition of SonarQube.

Hi Colin,
Thanks for the update. We also want the vulnerability features below, so can we get these in the Developer Edition? Otherwise, please specify.

  • Buffer Overflows
  • Authentication issues
  • Cloud secrets detection

Some of these features, like secrets detection, are available in the latest version of SonarQube even in the Community Edition. You can check what rules are available in the latest version of SonarQube at https://rules.sonarsource.com/

Thanks, Colin, for the update. If we want to move from Community Edition to Developer Edition, what is the cost, and which additional features will we get in Developer Edition?

We have lots of webpages dedicated to this, and you can also get in touch with our sales team. Plans & Pricing