sonar-findbugs

OWASP Top 10 not listed

Open praveenkumarp893 opened this issue 2 years ago • 1 comments

Discussed in https://github.com/spotbugs/sonar-findbugs/discussions/708

Originally posted by praveenkumarp893 January 30, 2023

Hi,

I am using findbugs sonar plugin version 4.2.2 in sonarqube community edition 9.7.1. I created a new quality profile with parent as sonar-way and added all rules from findbugs quality profile. When I did a sonar analysis using the new profile, it is not listing OWASP Top 10 vulnerabilities in the Security Category.

Appreciate your support here.

Thanks, Praveen

praveenkumarp893, Jan 30 '23 12:01

Hello, unless I misunderstood, this is the same issue as #392. The SonarQube plugin API has deprecated the way we load rules, and the new way is apparently due for the next major version. Among other changes, this should enable us to assign OWASP categories to rules. I've started working on a branch for that, but it's not released at this point: https://github.com/spotbugs/sonar-findbugs/tree/sq-10

gtoison, Jan 30 '23 20:01