Trojansource vulnerablity custom rule

Hi Team,

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    SonarQube 8.9 Enterprise Edition

  • what are you trying to achieve
    Trying to write a custom rule for verifying presence of trojan source code vulnerability across various language files (C++, C#, JS, Java etc)

  • what have you tried so far to achieve this
    Understood that it might be possible via custom rules, but not sure how to write one (or which template to use for writing the custom rule)
    Rules | SonarQube Docs


This is a feature SonarSource would like to provide out of the box.



See: Warn on suspicious unicode characters

1 Like