How to create a security report on SonarQube?

If you want reports on how your code measures up against common security standards, there is an easy way: install a plugin. The bitegarden team has developed the Security Plugin for SonarQube™, which produces the reports you need to maintain the security and quality of your code. In this article we explain how it works.

Step 1: Download the Security Plugin for SonarQube™

The first thing you need to do is download the Security Plugin for SonarQube™ via this link. If you are not familiar with it, this is our product that adds a new page to SonarQube projects where you can view and manage information about vulnerabilities classified according to the OWASP Top 10, CWE/SANS Top 25 and OWASP ASVS standards.

A 14-day free trial lets you see how the product works in your own instance. The same product is also available for SonarQube Cloud, which you can download via this link.

Step 2: Generate reports

At this point the plugin must already be installed. Open the SonarQube Server project you want to report on. Click the ‘More’ tab and you will be presented with a drop-down list that includes the following security reports:

  • Security Assessment OWASP ASVS.

  • Security Assessment CWE TOP 25 On the Cusp.

  • Security Assessment CWE TOP 25.

  • Security Assessment ISO 5055.

  • Security Assessment OWASP TOP 10.

Here you can see where these options are located:

[Image: the security report drop-down of the Security Plugin for SonarQube Server]

Click any of them and a new page opens with the analysis for that security standard. From there, simply click the ‘Download as PDF’ button.

That concludes this quick tutorial. If you are interested, we offer a 20% discount on the bitegarden Premium Pack, which includes all of our products for SonarQube Server. You can take advantage of this offer through the download products page.


bitegarden team

Helping companies to develop better software
