Monday, 16 February 2015

OWASP SonarQube Project milestones update

Six months ago we started the OWASP SonarQube project with SonarSource. It's time to review our achievements.

  1. We (Advens and SonarSource) started the project with the Java language.
  2. We currently have approximately 40 rules tagged OWASP Top10 in the SonarQube plugins. See: http://jira.sonarsource.com/browse/RSPEC-2588?jql=labels%20%3D%20owasp-top10
  3. We are in the process of building a widget for making a dashboard in Sonar.
  4. We have presented the project at 2 conferences (http://fr.slideshare.net/Eagle42/analyser-la-scurit-de-son-code-source-avec-sonarsource), and another is planned for the end of March.
  5. Last but not least, we NEED your feedback: the rules you want to implement, and more.

Any contributor is highly welcome to participate in this community effort, and participating is pretty easy:

  • Each idea of a new potential valuable check should be sent to this project mailing list.
  • Then some discussion might start to challenge the idea.
  • At the end of the discussion, a specification of the check is created in the following JIRA project by one of the leaders of this project: http://jira.sonarsource.com/browse/RSPEC.
  • To suggest a rule, send as much as possible from the following list:
    • description - What should be done/not done, and why
    • noncompliant code example in the language of your choice
    • remediation action - This can be as simple as "Don't do X."
