OWASP SonarQube Project
- What is the difference from the OWASP Top10 plugins for Sonar?
- Those plugins are commercial (or could be community) plugins. With our profile, you only need to install Sonar and the standard (open-source) plugins. Moreover, we will develop other add-on plugins in the coming months.
- How can I help?
- Contribute your expertise in a language, test our quality profile on real projects, or more...
- Do you plan to support other languages?
- Yes, contact us if you want to know more. And perhaps give us some feedback on some real projects.
As of June 2014, the priorities are:
First, deliver for the Java language:
- Deliver for the beginning of Q4 (October) 2014: tag existing FindBugs and SonarQube rules that apply to the OWASP Top10 2013. Tag name: "owasp-top10".
- Deliver tags mapping CERT Secure Coding and ISO 27034 ASC by the end of 2014.
- Deliver for 2015: rule tags mapping PCI-DSS requirements to the standard rules of SonarQube.
- Deliver for 2015: rule tags mapping OWASP ASVS levels (1, 2, 3, 4).
Involvement in the development and promotion of SonarQube is actively encouraged! You do not have to be a security expert in order to contribute.