Hi, I am using Sonarqube CE 7.6.
The server resides in a LAN without internet access. how do I update the vunerability database?
I have searched documentation on line but couldn’t find a good document about vunerbility dabase update.
Please help! thanks in advance to your help.
Hi,
SonarQube does not use a vulnerability database, but does static analysis to detect vulnerabilities in your code. As a user of CE, what you can do is make sure your analzyers are up to date (Administration > Marketplace). Note that taint analysis (the ability to find some more sophisticated vulnerabilities) is available to users of Developer Edition($) and above.
Ann
Hi Ann,
Thanks for your knowlege sharing. so I checked out Marketplace and it gave us what we wants. so because our sonarqube resides in a private subnet without internet access, do you know how to manually download those updates to a repo that our internal sonarqube can have access to?
Thanks
Hi,
Check the individual analyzers’ pages: https://docs.sonarqube.org/display/PLUG. Each one has a download.
Ann