SonarQube Vulnerabilities

We are trying to implement best practices for capturing vulnerabilities related to Kubernetes, HTML, CSS, and JavaScript. Could you please help us with the implementation?



I’m not sure why you think you need to write rules for this. Just make sure the security-related rules are included in your Quality Profiles.


Just to confirm what I understood: for example, in SonarQube under Quality Profiles I see 24 active rules related to our organization that capture the vulnerabilities, and we don't have to configure any additional rules?


I’ll never say our rules cover 100% of cases 100% of the time. It’s possible (likely?) that we’ll add more rules in the future and it’s possible that you may find rules in a 3rd-party plugin that you want to add (I’m not currently aware of any, BTW). But with the out-of-the-box rules enabled, you should be good to go.
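A practical way to verify the advice above, added here as an example and not code from the thread or from SonarSource, is to ask the SonarQube Web API which active rules in a Quality Profile are of type `VULNERABILITY` or `SECURITY_HOTSPOT` and then check that every language you care about (JavaScript, HTML, CSS, Kubernetes) actually has some. The script below assumes the `api/rules/search` endpoint with the `activation`, `qprofile`, `types`, `p` and `ps` parameters and a response shaped like `{"total": N, "rules": [{"key": ..., "lang": ..., "type": ...}]}`; the embedded sample response, the rule keys in it, and the server URL, token and profile key are constructed placeholders.

```python
"""Audit the security-related rules that are active in a SonarQube Quality Profile.

Assumption (not confirmed by the thread): SonarQube's Web API
``api/rules/search?activation=true&qprofile=<key>&types=VULNERABILITY,SECURITY_HOTSPOT``
returns ``{"total": N, "p": ..., "ps": ..., "rules": [{"key", "lang", "type", ...}]}``.
"""
import base64
import json
import urllib.parse
import urllib.request
from collections import Counter

SECURITY_TYPES = ("VULNERABILITY", "SECURITY_HOTSPOT")

# Constructed sample response, not real SonarQube output; rule keys are placeholders.
# Language keys follow SonarQube's convention: "js" (JavaScript), "web" (HTML),
# "css", "kubernetes". Note that no CSS rule is active in this sample.
SAMPLE_RESPONSE = {
    "total": 5,
    "p": 1,
    "ps": 500,
    "rules": [
        {"key": "javascript:EXAMPLE-1", "lang": "js", "type": "VULNERABILITY"},
        {"key": "javascript:EXAMPLE-2", "lang": "js", "type": "VULNERABILITY"},
        {"key": "javascript:EXAMPLE-3", "lang": "js", "type": "SECURITY_HOTSPOT"},
        {"key": "Web:EXAMPLE-4", "lang": "web", "type": "SECURITY_HOTSPOT"},
        {"key": "kubernetes:EXAMPLE-5", "lang": "kubernetes", "type": "VULNERABILITY"},
        # A non-security rule would be ignored even if the server returned it.
        {"key": "css:EXAMPLE-6", "lang": "css", "type": "CODE_SMELL"},
    ],
}


def summarize_security_rules(search_response):
    """Return {language: {rule_type: count}} counting only security rule types."""
    summary = {}
    for rule in search_response.get("rules", []):
        rule_type = rule.get("type")
        if rule_type not in SECURITY_TYPES:
            continue
        lang = rule.get("lang", "unknown")
        summary.setdefault(lang, Counter())[rule_type] += 1
    return {lang: dict(counts) for lang, counts in summary.items()}


def languages_without_security_rules(summary, expected_languages):
    """List the languages you care about that have zero active security rules."""
    return sorted(lang for lang in expected_languages if lang not in summary)


def fetch_active_security_rules(base_url, profile_key, token, page_size=500):
    """Collect every active security rule of a profile, following pagination.

    ``token`` is a SonarQube user token sent as the Basic-auth username with an
    empty password. Returns a dict shaped like SAMPLE_RESPONSE.
    """
    auth = base64.b64encode(f"{token}:".encode()).decode()
    rules, page, total = [], 1, None
    while total is None or len(rules) < total:
        query = urllib.parse.urlencode({
            "activation": "true",
            "qprofile": profile_key,
            "types": ",".join(SECURITY_TYPES),
            "p": page,
            "ps": page_size,
        })
        req = urllib.request.Request(
            f"{base_url.rstrip('/')}/api/rules/search?{query}",
            headers={"Authorization": f"Basic {auth}"},
        )
        with urllib.request.urlopen(req, timeout=30) as resp:
            body = json.load(resp)
        total = body.get("total", 0)
        got = body.get("rules", [])
        if not got:  # defensive: stop on an empty page instead of looping forever
            break
        rules.extend(got)
        page += 1
    return {"total": total, "rules": rules}


if __name__ == "__main__":
    # Offline demonstration on the constructed sample. To audit a real server:
    # data = fetch_active_security_rules("https://sonar.example.invalid", "PROFILE-KEY", "TOKEN")
    data = SAMPLE_RESPONSE
    summary = summarize_security_rules(data)
    for lang, counts in sorted(summary.items()):
        print(f"{lang:12s} {counts}")
    missing = languages_without_security_rules(summary, ["js", "web", "css", "kubernetes"])
    if missing:
        print("No active security rules for:", ", ".join(missing))
```

Run against the sample it reports the per-language counts and flags `css` as having no active security rules; against a real instance, swap in `fetch_active_security_rules` with your server URL, a user token and the profile key from `api/qualityprofiles/search`, and an empty list of missing languages is the confirmation that the out-of-the-box security rules are actually enabled for every language you analyse.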