Sonarqube vunerbility update

(jc) #1

Hi, I am using Sonarqube CE 7.6.

The server resides in a LAN without internet access. how do I update the vunerability database?

I have searched documentation on line but couldn’t find a good document about vunerbility dabase update.

Please help! thanks in advance to your help.

(G Ann Campbell) #2


SonarQube does not use a vulnerability database, but does static analysis to detect vulnerabilities in your code. As a user of CE, what you can do is make sure your analzyers are up to date (Administration > Marketplace). Note that taint analysis (the ability to find some more sophisticated vulnerabilities) is available to users of Developer Edition($) and above.


(jc) #3

Hi Ann,

Thanks for your knowlege sharing. so I checked out Marketplace and it gave us what we wants. so because our sonarqube resides in a private subnet without internet access, do you know how to manually download those updates to a repo that our internal sonarqube can have access to?


(G Ann Campbell) #4


Check the individual analyzers’ pages: Each one has a download.