Sonar info

SonarQube notes

July 7: SonarQube released version 8.4 (history, team, community); the Chinese-language plugin already supports it.

Code quality dimensions:

  • Maintainability
  • Reliability
  • Security

Corresponding issue types:

  • Code smell
  • Bug
  • Vulnerability: these issues are well documented in lists maintained by CWE and CERT

CWE: Common Weakness Enumeration.

CWE is a community-developed list of software and hardware weakness types. It serves as a common language, a measuring stick for security tools, and as a baseline for weakness identification, mitigation, and prevention efforts.

CERT: Computer Emergency Response Team; the CERT Division at Carnegie Mellon University, a registered trademark.

CNCERT/CC: China's National Internet Emergency Center.

Blog: "My Consulting Journey at SonarSource" mentions:

OWASP Top Ten: Open Web Application Security Project.
In source-code tooling, "Top Ten" usually refers specifically to the "Ten Most Critical Web Application Security Risks"; the Chinese version can be found here.


Community Edition Version 7.6 (build 21501)

# Java: 906 rules in total

| Issue type       | Rules |
|------------------|------:|
| Bug              | 127   |
| Vulnerability    | 123   |
| Code Smell       | 624   |
| Security Hotspot | 32    |

## Type

| Rule repository             | Rules |
|-----------------------------|------:|
| SonarAnalyzer Java          | 529   |
| PMD Java                    | 268   |
| Xanitizer Java              | 76    |
| PMD Unit Tests Java         | 17    |
| MyCompany Custom Repository Java | 10 |
| Common Java                 | 6     |

# Go: 46 rules in total

| Issue type    | Rules |
|---------------|------:|
| Bug           | 11    |
| Vulnerability | 2     |
| Code Smell    | 33    |

## Type

| Rule repository  | Rules |
|------------------|------:|
| SonarAnalyzer Go | 40    |
| Common Go        | 6     |

Community Edition Version 8.3.1 (build 34397)

# Java: 555 rules in total

| Issue type       | Rules |
|------------------|------:|
| Bug              | 125   |
| Vulnerability    | 47    |
| Code Smell       | 349   |
| Security Hotspot | 34    |

## Type

| Rule repository    | Rules |
|--------------------|------:|
| SonarAnalyzer Java | 549   |
| Common Java        | 6     |

# Go: 44 rules in total

| Issue type    | Rules |
|---------------|------:|
| Bug           | 8     |
| Vulnerability | 2     |
| Code Smell    | 34    |

## Type

| Rule repository  | Rules |
|------------------|------:|
| SonarAnalyzer Go | 38    |
| Common Go        | 6     |