Standard Rules for PL-SQL


(Jorge Centeno) #1

Hi, I am using SonarQube 7.3.0.15553, Developer Edition (Production License), and I use Sonar mainly to verify PL-SQL code.
I realized that the PL-SQL plugin has some “standard” rules described in:
https://rules.sonarsource.com/plsql/type/Vulnerability
https://rules.sonarsource.com/plsql/type/Security%20Hotspot/RSPEC-1523u
In my server I only see 1 vulnerability rule (Sensitive “SYS” owned functions should not be used).

So, can you confirm that everything is Ok in my installation, or what can I do to use the other rules? Thanks in advance for your comments.


(Alexandre Gigleux) #3

Hello,

You need to check if you are using the latest version of the SonarPLSQL analyzer in your SonarQube installation. As of now, the latest version is 3.3.
To check that, look at this URL $YOUR_SQ_URL/api/plugins/installed and locate the "key": "plsql". You will then easily find the version currently running in your SQ 7.3.

If you have an older version, go to Administration > Marketplace and update it.

Otherwise, you can also upgrade your SQ 7.3 to the latest SQ 7.6 Developer Edition (that contains SonarPLSQL 3.3) by following this guide: https://docs.sonarqube.org/latest/setup/upgrading/

Last, don’t forget to activate these rules in your Quality Profile, otherwise they won’t be executed.

Regards
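
The version check described in the reply above, as an added example that is not part of the original posts or SonarSource's own code: it reads the JSON returned by $YOUR_SQ_URL/api/plugins/installed, finds the entry with key plsql and compares its version with 3.3. The sample response, its version strings and the function names are constructed for illustration.

```python
import json
import re

# Constructed sample of a GET $YOUR_SQ_URL/api/plugins/installed response
# (not captured from a real server; versions and the extra plugin are made up).
SAMPLE_RESPONSE = """
{"plugins": [
  {"key": "java",  "name": "SonarJava",  "version": "5.9 (build 17000)"},
  {"key": "plsql", "name": "SonarPLSQL", "version": "3.2.0.1753"}
]}
"""

MIN_PLSQL = (3, 3)  # latest analyzer version named in the reply above


def parse_version(text):
    """Turn '3.3 (build 2143)' or '3.2.0.1753' into a tuple of ints."""
    match = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def plugin_status(response_text, key="plsql", minimum=MIN_PLSQL):
    """Return (installed version or None, up_to_date) for the given plugin key."""
    plugins = json.loads(response_text).get("plugins", [])
    for plugin in plugins:
        if plugin.get("key") == key:
            version = plugin.get("version", "")
            current = parse_version(version)
            # Pad with zeros so that (3, 3) and (3, 3, 0) compare as equal.
            width = max(len(current), len(minimum))
            pad = lambda v: v + (0,) * (width - len(v))
            return version, pad(current) >= pad(minimum)
    return None, False  # analyzer not installed at all


if __name__ == "__main__":
    version, ok = plugin_status(SAMPLE_RESPONSE)
    if version is None:
        print("plsql analyzer is not installed")
    elif ok:
        print(f"plsql analyzer {version} is current; check the Quality Profile next")
    else:
        print(f"plsql analyzer {version} is older than 3.3; update via Marketplace")
```

A current analyzer only makes the rules available; they still have to be activated in the Quality Profile before they run.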


(Jorge Centeno) #5

Thanks, it works with the plugin update!