Must-share information (formatted with Markdown):
which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
Not very sure at the moment. I will add it when I figure it out.
what are you trying to achieve
I managed the security program at CRD. I am trying to check how SonarQube performs on finding vulnerabilities. WebGoat is a known vulnerable component. We did a scan in house, but found that some types of vulnerabilities are missing, including XSS, file and path manipulation, etc. I am wondering if the tool does not perform well on those types of vulnerabilities or if we did not configure the tool correctly. I hope you can do a scan and send me the report with notes on what you've changed on top of the default configuration.
what have you tried so far to achieve this
See above note.