This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP SonarQube Project"

From OWASP
Jump to: navigation, search
Line 6: Line 6:
 
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
 
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
  
'''NOTE:''' If you are interested in contributing to open source static vulnerability analysis for Java, OWASP recommends you contribute to the [http://find-sec-bugs.github.io/ Find Security Bugs Project] run by Philippe Arteau. FindSecBugs is a FindBugs plugin. Philippe also runs the [https://github.com/SonarQubeCommunity/sonar-findbugs SonarQube FindBugs Plugin Project], which bundles both FindBugs and FindSecBugs into a plugin that can be used with SonarQube and in fact comes bundled with SonarQube by default. So, by contributing to the Find Security Bugs project, you are helping both the Find Bugs and SonarQube user communities at the same time.
+
The OWASP SonarQube project aims to provide open source SAST using the existing open source solutions. SonarQube is one of the world’s most popular Continuous Code Quality tools and it's actively used by many developers and companies.
  
 
+
This project aims to enable more security functionalities to SonarQube and use it as an SAST. This project will use open source sonar plugins, rules, as well as other open source plugins especially FindSecBugs and its security rules. FindSecBugs enables the taint analysis.
----
 
 
 
==About SonarQube==
 
 
 
[http://www.sonarqube.org SonarQube] is an Open Source platform for managing code quality. This platform can be extended with Open Source or commercial plugins, see for instance the [http://redirect.sonarsource.com/plugins/java.html Java], [http://redirect.sonarsource.com/plugins/javascript.html JavaScript], [http://redirect.sonarsource.com/plugins/php.html PHP] and [http://redirect.sonarsource.com/plugins/csharp.html C#] plugins.
 
  
 
==Licensing==
 
==Licensing==
Line 33: Line 28:
  
 
== Repository ==  
 
== Repository ==  
Here are the repositories for the open source plugins related to this project. Most of them provide security-related rules:
+
Here are the repositories for the open source plugins related to this project.
 +
* [https://github.com/SonarSource/sonarqube SonarQube]
 +
* [https://github.com/find-sec-bugs/find-sec-bugs FindSecBugs]
 
* [https://github.com/SonarSource/sonar-java Java]  
 
* [https://github.com/SonarSource/sonar-java Java]  
 
* [https://github.com/SonarCommunity/sonar-javascript JavaScript]  
 
* [https://github.com/SonarCommunity/sonar-javascript JavaScript]  
 
* [https://github.com/SonarCommunity/sonar-php PHP]
 
* [https://github.com/SonarCommunity/sonar-php PHP]
* [https://github.com/SonarSource/sonar-dotnet-codeanalysis C#]
+
 
* [https://github.com/SonarCommunity/sonar-widget-lab Widget Lab] provides security-related SonarQube dashboard widgets
 
  
  

Revision as of 21:36, 9 August 2017

OWASP Project Header.jpg

The OWASP SonarQube project aims to provide open source SAST using the existing open source solutions. SonarQube is one of the world’s most popular Continuous Code Quality tools and it's actively used by many developers and companies.

This project aims to enable more security functionalities to SonarQube and use it as an SAST. This project will use open source sonar plugins, rules, as well as other open source plugins especially FindSecBugs and its security rules. FindSecBugs enables the taint analysis.

Licensing

OWASP SonarQube Project is free to use. It is licensed under the Apache 2.0 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


Project Leader

Vinod Anandan

Email List

Sign Up!

Archives


Repository

Here are the repositories for the open source plugins related to this project.


Classifications

New projects.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files CODE.jpg
How to help ?


Sponsors :

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_SonarQube_Project&oldid=232138"