Have you ever wondered how secure is your project? Do you want to know which security vulnerabilities you need to focus on?
Based on OWASP, CWE, WASC, SANS and CERT security standards, Security Plugin for SonarQube™ gathers a list of vulnerabilities detected in the form of issues in SonarQube™, letting you know the security level of the whole project.
The plugin includes OWASP Top 10 2017 categories, that groups the most important security aspects to take in mind in any application and the 2020 CWE Top 25 Most Dangerous Software Weaknesses.
Security Plugin for SonarQube™ will provide you a new brand security space in your SonarQube™ project where you will be able to see all the details about the security assement.
Security Plugin for SonarQube™ is a perfect tool for those developers who worry about the quality and security of their code. Representing the level of security risk of your project through the following factors, makes it much more easier for you to manage your code security.
Technical debt: Technical debt value corresponding to the security issues of the project.
Risk factor: Percentage value (%) that indicates how vulnerable is your project, taking into account the total number of issues detected as well as the size of our project. Moreover, we’ve developed an interpretation of this value through a series of ratings.
Violations density: Percentage value (%) that represents the amount of issues in relation with the security of your project.
You will find all your OWASP or CWE issues (vulnerabilities and hotspots) in one page ordered by severity.
Moreover, the plugin will add new metrics so that you can use them in your Quality Gate like:
OWASP/CWE issues by severity: provides metrics to know your OWASP/CWE compliance.
OWASP/CWE rating: similar to security rating but only for OWASP/CWE issues.