SonarScanner PL/SQL Data Dictionary

I’m currently trialling SonarQube Developer Edition and I’m interested in utilising the SQL injection scanning. My company has a dotnet app which runs a number of SQL queries. We successfully scanned the codebase using the community edition prior to using the developer edition trial but now, when the scan is completed, a warning shows on the project’s page saying “The Data Dictionary is not configured for PLSQL analyzer which prevents rule(s) S3641, S3921, S3618, S3651 to raise issues.” and directs me to this documentation:

https://docs.sonarqube.org/latest/analysis/languages/plsql/

The warning and the documentation refer to a data dictionary but do not go into detail on what that dictionary should contain - only how to define how to connect to it. I’ve asked the SonarQube agent but since the trial is only for 14 days, I’m asking here too. Does anyone know what this data dictionary should contain?

Platform: Docker container
Image: sonarqube:8.9.9-developer

Hello @jimbo8098,
Thanks a lot for your post!

a warning shows on the project’s page saying “The Data Dictionary is not configured for PLSQL analyzer which prevents rule(s) S3641, S3921, S3618, S3651 to raising issues.” and directs me to this documentation: https://docs.sonarqube.org/latest/analysis/languages/plsql/

You need to configure the Data Dictionary connection only if you want to use rules S3641, S3921, S3618 or S3651.

Does anyone know what this data dictionary should contain?

From the docs:

Providing this configuration allows SonarPLSQL to query data dictionary views such as SYS.ALL_TAB_COLUMNS to better analyze your SQL.

The analyzer queries the data dictionary views of your DB to gather information (e.g., column type, column restrictions) that is needed for the rules mentioned above.

I’m currently trialling SonarQube Developer Edition and I’m interested in utilising the SQL injection scanning.

None of these rules are related to SQL injection - thus, you don’t need to configure the data dictionary connection for this.

Best Regards,
Mary
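For readers wondering what the analyzer actually reads when the connection is configured: the data dictionary is not something you write yourself; it is the set of built-in catalogue views Oracle maintains (SYS.ALL_TAB_COLUMNS, ALL_CONSTRAINTS, ALL_CONS_COLUMNS and so on). The read-only queries below are an added example, not code from this thread or from SonarSource, and they show the kind of column-type and constraint information those views expose. The schema name APP_OWNER and the table name ORDERS are placeholders; substitute the schema the analyzer's JDBC user can see.

```sql
-- Added example (not from the original thread or from SonarSource).
-- APP_OWNER and ORDERS are placeholder names for illustration.

-- 1. Column types and nullability: the "column type" facts a PL/SQL analyzer
--    needs to judge, e.g., whether a compared or assigned value fits the column.
SELECT owner,
       table_name,
       column_name,
       data_type,
       data_length,
       data_precision,
       data_scale,
       nullable
  FROM sys.all_tab_columns
 WHERE owner = 'APP_OWNER'
   AND table_name = 'ORDERS'
 ORDER BY column_id;

-- 2. Column restrictions: primary/unique keys, foreign keys and CHECK
--    conditions declared on the same table, joined to the columns they cover.
--    constraint_type: P = primary key, U = unique, R = foreign key, C = check/NOT NULL
SELECT c.constraint_name,
       c.constraint_type,
       cc.column_name,
       cc.position,
       c.search_condition
  FROM sys.all_constraints c
  JOIN sys.all_cons_columns cc
    ON cc.owner = c.owner
   AND cc.constraint_name = c.constraint_name
 WHERE c.owner = 'APP_OWNER'
   AND c.table_name = 'ORDERS'
 ORDER BY c.constraint_name, cc.position;
```

Both queries only need SELECT access to the dictionary views, so the account given to the analyzer can be a read-only one that owns no application data; that keeps the scanner's credentials low-privilege while still letting rules S3641, S3921, S3618 and S3651 see the column and constraint facts they depend on.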
