Top OWASP Preset - Request

Hello All,

I am new to SonarCloud and I would like to know if there is a preset or profile that I can use to check if my code is vulnerable to the mentioned framework (OWASP). Any tips or reference would be a great help for me.

Thanks

Hello,

Out of the box, SonarCloud’s rules will check if you have vulnerabilities related to the OWASP Top 10 2021.

On SonarQube, you have a Security Report, “OWASP Top 10,” that allows you to check if you have remaining open vulnerabilities related to it. The report is not yet available on SonarCloud, but we are working on it. That doesn’t prevent you from already using SonarCloud because the underlying rules are the same between SonarQube and SonarCloud. It means we check the same things.

Alex

Thanks, this is a great help. Is there any training I can do for the proper learning provided here?

Hello,

We strongly believe that the best way to learn to write cleaner code is to do so while you are in the context of trying to achieve something.
This can be achieved thanks to the Clean as You Code and the Learn as You Code methodologies.

While you code, you will make mistakes that Sonar will detect. Thanks to the guidance provided by the issue’s documentation, you will learn and hopefully avoid making the same mistakes again.

Otherwise, you can still look at the rules description here but I’m not sure this will be really efficient.

Alex

Hey @eLkia23

We recently launched SonarCloud Enterprise, which includes support for Security Reports!