Difference between revisions of "OWASP SonarQube Project"
Ann.campbell (talk | contribs) (→Road Map and Getting Involved) |
Ann.campbell (talk | contribs) (→Road Map and Getting Involved) |
||
Line 112: | Line 112: | ||
First deliver on Java langage : | First deliver on Java langage : | ||
− | *Deliver for the beginning of Q4 (October) 2014 tag existing FindBugs and SonarQube rules | + | *Deliver for the beginning of Q4 (October) 2014 tag existing FindBugs and SonarQube rules that apply to the OWASP Top10 2013. Tag name: "owasp-top10". |
− | that apply to the OWASP Top10 2013. Tag name: "owasp-top10". | ||
*Deliver tags mapping Cert Secure Coding and ISO 27034 ASC for the end of 2014 | *Deliver tags mapping Cert Secure Coding and ISO 27034 ASC for the end of 2014 | ||
− | *Deliver for 2015 rule tags mapping | + | *Deliver for 2015 rule tags mapping PCI-DSS requirements with the standard rules of SonarQube. |
− | PCI-DSS requirements with the standard rules of SonarQube. | ||
*Deliver for 2015 rule tags mapping OWASP ASVS level (1,2,3,4). | *Deliver for 2015 rule tags mapping OWASP ASVS level (1,2,3,4). |
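Review bot: the unchanged context line at Line 112 still reads "First deliver on Java langage :" after this revision. Since the edit already touches this list to join the wrapped items, correct "langage" to "language" in the same pass, and write "Cert Secure Coding" as "CERT Secure Coding" in the second list item.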
Revision as of 07:07, 16 September 2014
- How does this differ from the OWASP Top10 plugins for Sonar?
- Those plugins are commercial (or could be community) plugins. With our profile, you only need to install Sonar and the standard open-source plugins. Moreover, we will develop other add-on plugins in the coming months.
- How can I help?
- Give us your expertise in a language, test our quality profile on a real project, or more.
- Do you plan to support other languages?
- Yes, contact us if you want to know more. And perhaps give us some feedback on some real projects.
Sponsors:
Advens: French experts on application security
SonarSource: founder and maintainer of SonarQube
Volunteers
SonarQube is developed by a worldwide team of volunteers. The primary contributors to date have been:
As of June 2014, the priorities are:
First delivery, for the Java language:
- By the beginning of Q4 (October) 2014, tag existing FindBugs and SonarQube rules that apply to the OWASP Top10 2013. Tag name: "owasp-top10".
- By the end of 2014, deliver tags mapping CERT Secure Coding and ISO 27034 ASC.
- For 2015, deliver rule tags mapping PCI-DSS requirements to the standard rules of SonarQube.
- For 2015, deliver rule tags mapping OWASP ASVS levels (1, 2, 3, 4).
Involvement in the development and promotion of SonarQube is actively encouraged! You do not have to be a security expert in order to contribute.