Provides information about security standards (OWASP, CWE, etc.)
including risk factor and security vulnerabilities and categories
Have you ever wondered how secure is your project? Do you want to know which security vulnerabilities you need to focus on?
Based on OWASP, CWE, WASC, SANS and CERT security standards, SonarQube Security Plugin gathers a list of vulnerabilities detected in the form of issues in SonarQube, letting you know the security level of the whole project.
Moreover, the plugin includes OWASP Top 10 categories, that groups the most important security aspects to take in mind in any application.
SonarQube Security Plugin will provide you a new brand security space in your SonarQube project where you will be able to see all the details about the security assement.
SonarQube Security Plugin is a perfect tool for those developers who worry about the quality and security of their code. Representing the level of security risk of your project through the following factors, makes it much more easier for you to manage your code security.
Technical debt: Technical debt value corresponding to the security issues of the project.
Risk factor: Percentage value (%) that indicates how vulnerable is your project, taking into account the total number of issues detected as well as the size of our project. Moreover, we’ve developed an interpretation of this value through a series of ratings.
Global Maximum Severity: We wanted to represent in a very visual way how worrying are the security issues of projects. That’s why we designed representative and bright colour indicators of the maximum global severity level of your evidences, so you only have to worry about taking care of them, even if you are dealing with a low level risk factor.
Violations density: Percentage value (%) that represents the amount of issues in relation with the security of your project.