Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OWASP Top 10 not listed #709

Open
praveenkumarp893 opened this issue Jan 30, 2023 Discussed in #708 · 1 comment
Open

OWASP Top 10 not listed #709

praveenkumarp893 opened this issue Jan 30, 2023 Discussed in #708 · 1 comment

Comments

@praveenkumarp893
Copy link

Discussed in #708

Originally posted by praveenkumarp893 January 30, 2023
Hi,

I am using findbugs sonar plugin version 4.2.2 in sonarqube community edition 9.7.1
I created a new quality profile with parent as sonar-way and added all rules from findbugs quality profile. When I did a sonar analysis using the new profile it is not listing owasp top 10 vulnerabilities in the Security Category.

Appreciate your support here.

Thanks,
Praveen

sonar-findbugs-jan-30
@gtoison
Copy link
Contributor

gtoison commented Jan 30, 2023

Hello, unless I misunderstood this is the same issue as #392
The SonarQube plugin API has deprecated the way we load rules and the new way is apparently due for the next major version. Among other changes this should enable us to assign OWASP categories to rules.
I've started working on a branch for that but it's not released at this point: https://github.com/spotbugs/sonar-findbugs/tree/sq-10

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@praveenkumarp893 @gtoison