Hi there. I am trying to understand which vulnerabilities SonarQube scans for. I have not found any information regarding what exactly it looks for.
Thanks
Hello,
All the rules provided by SonarSource and available in SonarQube are listed in our Rules Repository.
Select a language, then a type (Vulnerability or Security Hotspot in your case) and you will find what you are looking for.
SonarQube Developer Edition comes with Injection Flaw Detection for Java, PHP and C#.
Regards
Does SonarQube get updates on the latest vulnerabilities from external sources, or how can I be sure that I detect the latest vulnerabilities?