Sonarqube vulnerability update

sonarqube
(jc) #1

Hi, I am using Sonarqube CE 7.6.

The server resides in a LAN without internet access. How do I update the vulnerability database?

I have searched the documentation online but couldn’t find a good document about vulnerability database updates.

Please help! Thanks in advance for your help.

(G Ann Campbell) #2

Hi,

SonarQube does not use a vulnerability database, but does static analysis to detect vulnerabilities in your code. As a user of CE, what you can do is make sure your analyzers are up to date (Administration > Marketplace). Note that taint analysis (the ability to find some more sophisticated vulnerabilities) is available to users of Developer Edition ($) and above.

 
Ann

(jc) #3

Hi Ann,

Thanks for sharing your knowledge. So I checked out Marketplace and it gave us what we want. So because our Sonarqube resides in a private subnet without internet access, do you know how to manually download those updates to a repo that our internal Sonarqube can have access to?

Thanks

(G Ann Campbell) #4

Hi,

Check the individual analyzers’ pages: https://docs.sonarqube.org/display/PLUG. Each one has a download.

 
Ann