I have successfully installed and configured SonarQube (9.6.1) and the sonar scanner (4.8.0). I have installed Oracle JDK version 11.0.15.
I am using PostgreSQL as the database, and the version is 7.2.
I have the project code on my local machine and I am trying to scan it. Everything is working except vulnerabilities: vulnerabilities are not showing.
Hi,
Hope you are doing well.
As guided, I have upgraded the sonar scanner to 9.9.1, but I am still unable to see the vulnerability reported on the Sonar dashboard.
I have hard-coded the credentials as shown in the first screenshot to report the vulnerability; still, it is not reported. Below is the snippet for reference.
I also tried providing the SQL attack as shown in the second screenshot, but it is not detected either.
For the SQL injection – if you’re running the Community Edition of SonarQube, you won’t be able to detect it. Detection of Injection vulnerabilities starts in SonarQube Developer Edition and higher (and on https://sonarcloud.io).
Regarding hardcoded credentials, is it possibly showing up under the Security Hotspots tab of your project?