Security Assessment for SonarQube Server 2.30

Version 2.30 of Security Assessment for SonarQube Server incorporates the latest references from the security ecosystem, helping teams focus their efforts where it truly matters today.

Key updates in version 2.30

This update introduces two fundamental improvements that raise the quality of security analysis:

Inclusion of the 2025 CWE Top 25: The plugin includes the updated list of the 25 most dangerous software weaknesses according to CWE. This makes it possible to identify and prioritize the most critical vulnerabilities based on current data rather than outdated references.

Update of the CWE On the Cusp 2025 report: In addition to the Top 25, the plugin integrates those weaknesses that are close to entering the ranking. This report acts as an early warning system, allowing teams to anticipate emerging risks before they become dominant threats.

What is Security Plugin for SonarQube™ Server?

To understand the value of this release, it is worth recalling what this plugin brings to the SonarQube™ ecosystem.

The Security Plugin for SonarQube™ Server is designed to provide a complete and structured view of a project’s security status. Based on standards such as OWASP, CWE, WASC, and CERT, it gathers all vulnerabilities detected in SonarQube™ and organizes them in a clear and actionable way.

Its goal is to answer a key question: what should I focus my security efforts on right now?

To achieve this, the plugin provides:

  • Classification of vulnerabilities according to OWASP Top 10, CWE/SANS Top 25, and OWASP ASVS.

  • Grouping by severity levels.

  • Detailed visualization of security evidence.

  • A dedicated space within SonarQube™ to manage all security-related information.

If you want to improve visibility and prioritization of security in your projects, you can download Security Plugin for SonarQube™ Server from the bitegarden Marketplace.


bitegarden team

Helping companies to develop better software
