SonarQube Plugin

SonarQube Plugin

Contextual software security training for detected vulnerabilities and Security Hotspots.

This plugin lists recent vulnerabilities and security hotspots detected by SonarQube, then attempts to find relevant training labs and remediation advice from the SecureFlag Knowledge Base. Each reply includes an overview of everything a developer might need to know in order to understand and remediate a given type of vulnerability, including example code.



Installation

  1. Find the latest release via GitHub here .
  2. Download and copy the .jar file to your $SONARQUBE_HOME/extensions/plugins folder. If updating, remove any old versions first.
  3. Restart your SonarQube server.

Uninstallation

Simply delete the sonar-secureflag-plugin-*.jar file from your $SONARQUBE_HOME/extensions/plugins folder.

Usage

Navigate to a project within SonarQube, then click on the More tab, then SecureFlag Knowledge Base. The plugin will then search for relevant training labs and remediation for recently detected vulnerabilities or security hotspots that have not been resolved. If available, click on Read More next to an issue to see the remediation advice, and Training Lab to find a lab on the SecureFlag platform.

Feedback

Want a new feature? Something not working right? We genuinely want to hear what you think! Please get in touch with us using our contact form here .

    • Related Articles

    • Azure Plugin

      Contextual software security microtraining for issues and pull requests, powered by the SecureFlag knowledge base. This plugin adds a new page to issues that mention security vulnerabilities, with a recommended lab and information from the SecureFlag ...

    • Shortcut Plugin

      Contextual software security microtraining for Shortcut stories, powered by the SecureFlag Knowledge Base. This plugin adds a link to the SecureFlag Knowledge Base to the description of stories that mention security vulnerabilities, with relevant ...

    • GitHub Plugin

      SecureFlag Knowledge Base for GitHub Contextual software security microtraining for issues and pull requests, powered by the SecureFlag knowledge base. This app responds to issues and pull requests that mention security vulnerabilities, with a ...

    • SecureFlag ThreatCanvas for Jira

      AI-powered threat modelling -- for Jira Cloud and Jira Data Center! SecureFlag ThreatCanvas for Jira Cloud and Jira Data Center enables developers to easily generate threat models from issues describing new features or changes to be made. ...

    • Jira Plugins

      SecureFlag Knowledge Base for Jira Plugins Contextual software security training for Jira issues, powered by the SecureFlag knowledge base. This app responds to issues that mention security vulnerabilities, with a recommended lab and information from ...