OWASP SonarQube Project
- How do I use the owasp-top10 tag?
- Perform a rule search for tag=owasp-top10. If you have the proper permissions, you can use the bulk change options to activate the results in your profiles.
- How can I help?
- Share your expertise in a particular language, test our rules on a real project, or more...
- Do you plan to support other languages?
- Yes, contact us if you want to know more. And perhaps give us some feedback on some real projects.
As of June 2014, the priorities are:
First, deliver for the Java language:
- Deliver for the beginning of Q4 (October) 2014: tagging of existing FindBugs and SonarQube rules that apply to the OWASP Top10 2013. Tag name: "owasp-top10".
- Deliver tags mapping CERT Secure Coding and ISO 27034 ASC for the end of 2014.
- Deliver for 2015 rule tags mapping PCI-DSS requirements with the standard rules of SonarQube.
- Deliver for 2015 rule tags mapping OWASP ASVS levels (1, 2, 3, 4).
Involvement in the development and promotion of SonarQube is actively encouraged! You do not have to be a security expert in order to contribute.