SonarQube Vulnerbilities

Sai1995 · April 15, 2024, 4:41pm

What language are you writing rules for?
We are trying to implement best practices for capturing vulnerabilities that are related to Kubernetes, HTML,CSS, Javascript, Could you please help us with implementation.

Thanks

ganncamp · April 16, 2024, 1:26pm

Hi,

Welcome to the community!

I’m not sure why you think you need to write rules for this. Just make sure the security-related rules are included in your Quality Profiles.

Ann

Sai1995 · April 16, 2024, 5:07pm

Hi Ann,

Just to confirm what i understood, for example in Sonarqube under quality profiles i see 24 active rules related to our organization that capture the vulnerabilities and we dont have to configure any additional rules?

ganncamp · April 16, 2024, 5:50pm

Hi,

I’ll never say our rules cover 100% of cases 100% of the time. It’s possible (likely?) that we’ll add more rules in the future and it’s possible that you may find rules in a 3rd-party plugin that you want to add (I’m not currently aware of any, BTW). But with the out-of-the-box rules enabled, you should be good to go.

HTH,
Ann

Topic		Replies	Views
No Go Vulnerabilities rules in SonarQube New rules / language support go , q_gate , rules , external_issues	9	2227	December 9, 2024
Go vulnerability rules in sonarcloud very limited Writing rules go , security , sonarqube-cloud	8	2653	December 10, 2019
Javascript custom rules with ESLint Writing rules javascript	5	843	July 8, 2020
New rules for .NET New rules / language support dotnet	4	569	November 24, 2020
How to Sonarqube Vulnerability Rules Upgrade Or Additional Plugin vs.? SonarQube Server / Community Build sonarqube	1	431	July 12, 2021

SonarQube Vulnerbilities

Related topics