Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
{iframe:src=|width=700|height=250|frameborder=0} Your browser does not support iframes. {iframe}
Wiki Markup

This plugin is deprecated since SonarQube 4.2, and is incompatible with SonarQube versions greater than 4.5.

Description / Features

This plugin enables allows you to define and monitor a set of rules. The issues against these rules get are reported in a dedicated widget. The plugin is called the Security Rules Plugin as because it embedds the embeds a list of security-related Java rules as the default set of rules, but this plugin will work with rules from any language. You can even use it with multiple languages at once, by configuring it with a mixed list of rules.

The set of rules can be redefined by going to System Settings > Configuration > General Settings > Security rules. The format is pluginKey:ruleKey, pluginKey2:ruleKey2...


  1. Install the plugin through the Update Center or download it into the SONARQUBE_HOME/extensions/plugins directory
  2. Restart the SonarQubeTM server

Include Page
Include - Plugin Installation
Include - Plugin Installation


Run a new quality analysis and the metrics will be fed.

Known Limitations

The plugin enables allows you to quickly identify files that are impacted by a security break, but when in the file, there is no mechanism to highlight the security issues.