OWASP SonarQube Project

=Main=



OWASP SonarQube Project
OWASP SonarQube is...

Introduction
SonarQube is an open platform to manage code quality. The project consists of delivering a set of "standard" security profiles, such as an OWASP Top 10 profile, ASVS profiles and a PCI-DSS profile, that teams can use with the support of OWASP.

Description
The project will be modelled on the OWASP ModSecurity CRS project: it will deliver a set of profiles that the community can recognise as what is needed to secure their applications.

Sponsors:

 * Advens (experts on application security): allowing time to work on the project
 * SonarSource (founder and maintainer of SonarQube): giving time and expertise on the core of SonarQube

Licensing
OWASP SonarQube Project is free to use. It is licensed under the [http://www.apache.org/licenses/LICENSE-2.0 Apache 2.0 license], so you can copy, distribute and transmit the work, and you can adapt it and use it commercially, provided that you attribute the work and, if you alter, transform, or build upon this work, you distribute the resulting work only under the same or similar license to this one.

What is SonarQube?
OWASP SonarQube provides:

 * A set of SonarQube quality profiles mapped to security standards.
 * Some new plugins/rules for SonarQube.

Project Leader
[mailto:sebastien.gioria@owasp.org Sebastien Gioria]

Freddy Mallet

Ohloh

Email List
Project Email List

Classifications

=FAQs=


 * Q1
 * A1


 * Q2
 * A2

= Acknowledgements =

Volunteers
SonarQube is developed by a worldwide team of volunteers. The primary contributors to date have been:


 * xxx
 * xxx

Others

 * xxx
 * xxx

= Road Map and Getting Involved =

As of June 2014, the priorities are:

We will first deliver on the Java language:

 * Deliver for the beginning of Q4 (October) 2014 a set of profiles directly mapping OWASP Top 10 2013 to the standard rules of SonarQube.
 * Deliver for the end of 2014 a set of profiles mapping PCI-DSS requirements to the standard rules of SonarQube.
 * Deliver for 2015 profiles mapping the OWASP ASVS levels (1, 2, 3, 4).
 * Deliver for 2015 profiles based on CERT Secure Coding and ISO 27034 ASC.

We also plan, without a fixed roadmap yet, to set up and deliver to OWASP projects the capacity to scan their projects with these profiles and rules.

Involvement in the development and promotion of SonarQube is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:
 * xxx
 * xxx

=Project About=