sonar-cryptography
This repository contains a SonarQube Plugin that detects cryptographic assets in source code and generates CBOM.
The `translate` functions should use a `DetectionContext` instead of an `IDetectionContext`. Doing this should make it possible to remove the unnecessary check `detectionContext instanceof DetectionContext context` everywhere in the translation.
Some BouncyCastle rules do not capture all available information, in particular static fields defining the parameter sets of certain algorithms. This would for example distinguish the use of `kyber512`, `kyber768`...
- add test case for issue
`Algorithm` contains this `deepCopy` method:

```java
@Nonnull
@Override
public INode deepCopy() {
    Algorithm copy = new Algorithm(this);
    for (INode child : this.children.values()) {
        copy.children.put(child.getKind(), child.deepCopy());
    }
    return copy;
}
```

...
Bumps [org.codehaus.mojo:exec-maven-plugin](https://github.com/mojohaus/exec-maven-plugin) from 3.5.0 to 3.5.1. Release notes Sourced from org.codehaus.mojo:exec-maven-plugin's releases. 3.5.1 🐛 Bug Fixes Add ClassLoader support for ASM ClassWriter (#472) @slawekjaranowski 📦 Dependency updates Bump org.codehaus.mojo:mojo-parent from...
Bumps `sonar.java.version` from 8.10.0.38194 to 8.14.1.39293. Updates `org.sonarsource.java:sonar-java-plugin` from 8.10.0.38194 to 8.14.1.39293 Release notes Sourced from org.sonarsource.java:sonar-java-plugin's releases. 8.14.1.39293 Release notes - SonarJava - 8.14.1 Improvement SONARJAVA-5352 Fix discrepancies between...
Bumps [advanced-security/maven-dependency-submission-action](https://github.com/advanced-security/maven-dependency-submission-action) from 4 to 5. Release notes Sourced from advanced-security/maven-dependency-submission-action's releases. v5.0.0 Improved multi-module support This release improves multi-module support by reflecting which pom.xml file brings in a particular...
Check if the ANTLR parser can be used to support new languages. Links:
- https://github.com/antlr/antlr4
- https://github.com/antlr/grammars-v4

Add support for detecting cryptographic assets in `Golang`. Libraries that should be supported:
- https://pkg.go.dev/crypto
Bumps `sonar.plugin.api.version` from 11.3.0.2824 to 12.0.0.2960. Updates `org.sonarsource.api.plugin:sonar-plugin-api` from 11.3.0.2824 to 12.0.0.2960 Release notes Sourced from org.sonarsource.api.plugin:sonar-plugin-api's releases. 12.0.0.2960 What's Changed PLUGINAPI-134 Remove deprecated Issue Workflow transitions and statuses by...