On July 7, SonarQube released version 8.4. History, team, community. Chinese plugin support is already available.
Code quality dimensions:
- Maintainability
- Reliability
- Security
These correspond to:
- Code smell
- Bug
- Vulnerability: these issues are well documented in lists maintained by CWE and CERT.
CWE: Common Weakness Enumeration.
CWE is a community-developed list of software and hardware weakness types. It serves as a common language, a measuring stick for security tools, and as a baseline for weakness identification, mitigation, and prevention efforts.
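CERT: Computer Emergency Response Team. The CERT Division of Carnegie Mellon University; a registered trademark.
CNCERT/CC: China's National Internet Emergency Center.
Blog: "My Consulting Journey at SonarSource" mentions:
OWASP Top Ten: Open Web Application Security Project.
In source code information, "top ten" usually refers specifically to the "10 most critical web application security risks"; a Chinese version can be seen here.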
Community Edition Version 7.6 (build 21501)
# Java Total 906
Bug 127
Vulnerability 123
Code Smell 624
Security Hotspot 32
## Type
SonarAnalyzer Java 529
PMD Java 268
Xanitizer Java 76
PMD Unit Tests Java 17
MyCompany Custom Repository Java 10
Common Java Java 6
# Go Total 46
Bug 11
Vulnerability 2
Code Smell 33
## Type
SonarAnalyzer Go 40
Common Go Go 6
Community Edition Version 8.3.1 (build 34397)
# Java Total 555
Bug 125
Vulnerability 47
Code Smell 349
Security Hotspot 34
## Type
SonarAnalyzer Java 549
Common Java Java 6
# Go Total 44
Bug 8
Vulnerability 2
Code Smell 34
## Type
SonarAnalyzer Go 38
Common Go Go 6