SonarQube Vulnerabilities Testing

Vishal_Vilas_Dhadge · September 27, 2023, 5:27am

Must-share information (formatted with Markdown):

which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension): * Community Edition Version 8.3 (build 34182)
how is SonarQube deployed: AWS EC2 Instance
what are you trying to achieve: Want to scan below test with SonarQube scanning

SQL Injection vulnerabilities
Cross- Site Scripting (XSS)
Code Injection Attacks
Buffer Overflows
Authentication issues
Cloud secrets detection

what have you tried so far to achieve this: Try to find in current

Hello Team,
We are using Community Edition Version 8.3 (build 34182) of sonarqube in our organization and we need to scan above mention testing so could you please confirm if it is possible to test in this edition. because right now I can’t find it while scanning our code.

Colin · September 27, 2023, 7:40am

Hi,

Your version is past EOL. You should upgrade to either the latest version or the current LTS at your earliest convenience. Your upgrade path is:

8.3 → 8.9.10 → 9.9.2 → 10.2.1 (last step optional)

You may find these resources helpful:

If you have questions about upgrading, feel free to open a new thread for that here.

And, advanced vulnerability detection (detecting things like SQL injections, XSS, and Code injection) starts in the Developer Edition of SonarQube.

Vishal_Vilas_Dhadge · September 27, 2023, 8:49am

Hi Colin,
Thanks for update we want below vulnerability feature also so can we get this in developer edition or else please specify.

Buffer Overflows
Authentication issues
Cloud secrets detection

Colin · September 27, 2023, 2:53pm

Some of these features, like secrets detection, are available in the latest version of SonarQube even in the Community Edition. You can check what rules are available in the latest version of SonarQube at https://rules.sonarsource.com/

Vishal_Vilas_Dhadge · September 28, 2023, 6:08am

Thanks Colin for update. If we want move our community edition to Developer edition so what is cost and which additional feature will get in developer edition.

Colin · September 28, 2023, 1:23pm

We have lots of webpages dedicated to this, and you can also get in touch with our sales team. Plans & Pricing

Topic		Replies	Views
Security Scanning with SonarQube? SonarQube Server / Community Build	5	2180	August 16, 2019
SonarQube Community vs. Developer Edition Security Scan SonarQube Server / Community Build java	1	756	November 28, 2023
Unable to scan the vulnerability SonarQube Server / Community Build sonarqube	3	767	July 26, 2023
Does SonarQube detect SQL injection vulnerabilities in Community Edition? SonarQube Server / Community Build python	1	2926	October 29, 2023
Unable to detect SQL Injection Issue SonarQube Server / Community Build	3	57	January 13, 2025

SonarQube Vulnerabilities Testing

Related topics