What are the vulnerabilities that SonarQube scans for?

(Shamanth) #1

Hi there. I am trying to understand which vulnerabilities SonarQube scans for. I have not found any information regarding what exactly it looks for.


(Alexandre Gigleux) #4


All the rules provided by SonarSource and available in SonarQube are listed in our Rules Repository.

Select a language, then a type (Vulnerability or Security Hotspot in your case) and you will find what you are looking for.

SonarQube Developer Edition is coming with Injection Flaw Detection for Java, PHP and C#.


(John LAVERY) #6

Does SonarQube get updates on the latest vulnerabilities from external sources, or how can I be sure that I detect the latest vulnerabilities?