OWASP SonarQube Project

=Main=



{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 * valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

The OWASP SonarQube project aims to provide open source SAST using the existing open source solutions. SonarQube is one of the world’s most popular Continuous Code Quality tools and it's actively used by many developers and companies.

This project aims to enable more security functionalities to SonarQube and use it as an SAST. This project will use open source sonar plugins, rules, as well as other open source plugins especially FindSecBugs and its security rules. FindSecBugs enables the taint analysis.

Licensing
OWASP SonarQube Project is free to use. It is licensed under the Apache 2.0 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


 * valign="top" style="padding-left:25px;width:200px;" |

Project Leader
[mailto:vinod@owasp.org Vinod Anandan]

Email List
Sign Up!

Archives

Repository
Here are the repositories for the open source plugins related to this project.
 * SonarQube
 * FindSecBugs
 * Java
 * JavaScript
 * PHP

Classifications

 * }

=FAQs=


 * How to help ?

= Acknowledgements =

Sponsors :
=Project About=