Security Plugin for SonarQube™

Provides information about security standards (OWASP Top 10, CWE SANS Top 25, OWASP ASVS and ISO5055), including risk factor, security vulnerabilities and categories.


Security Assessment on SonarQube™

Have you ever wondered how secure your project is? Do you want to know which security vulnerabilities you need to focus on?

Based on OWASP Top 10, CWE SANS Top 25, OWASP ASVS and CERT security standards, Security Plugin for SonarQube™ gathers the list of vulnerabilities detected in your issues in SonarQube™, letting you know the security level and compliance of the whole project.

The plugin includes OWASP Top 10 2021 and OWASP Top 10 2017, which group the most important security aspects to keep in mind in any application, and the 2021 CWE Top 25 Most Dangerous Software Weaknesses.

From version 2.8, the plugin includes a security assessment for the OWASP Application Security Verification Standard (OWASP ASVS), with details about chapters, sections and requirements. Read our blog post for more information!

Security Plugin for SonarQube™ will provide you with a brand new security space in your SonarQube™ project where you will be able to see all the details about the security assessment.



Security Plugin for SonarQube™ is a perfect tool for developers who worry about the quality and security of their code. By representing the level of security risk of your project through the following factors, it makes it much easier for you to manage your code security.

Technical debt: Technical debt value corresponding to the security issues of the project.

Risk factor: Percentage value (%) that indicates how vulnerable your project is, taking into account the total number of issues detected as well as the size of your project. Moreover, we’ve developed an interpretation of this value through a series of ratings.

Violations density: Percentage value (%) that represents the amount of issues in relation to the security of your project.

Vulnerabilities and HotSpots in one page

You will find all your OWASP or CWE issues (vulnerabilities and hotspots) on one page, ordered by severity.

Moreover, the plugin adds new metrics that you can use in your Quality Gate, such as:

OWASP/CWE issues by severity: provides metrics to know your OWASP/CWE compliance.

OWASP/CWE rating: similar to security rating but only for OWASP/CWE issues.


It's time to secure your code!

Free Trial

Evaluation license

  • 14-day evaluation license
  • After submitting the form, your download will start and it will include your trial key
  • By using this form you will download the LTS-compatible version; go to downloads for other supported versions