This plugin is deprecated since SonarQube 4.2, and is incompatible with SonarQube versions greater than 4.5.
Description / Features
This plugin enables allows you to define and monitor a set of rules. The issues against these rules get are reported in a dedicated widget. The plugin is called the Security Rules Plugin as because it embedds the embeds a list of security-related Java rules as the default set of rules, but this plugin will work with rules from any language. You can even use it with multiple languages at once, by configuring it with a mixed list of rules.
The set of rules can be redefined by going to System Settings > Configuration > General Settings > Security rules. The format is
- Install the plugin through the Update Center or download it into the SONARQUBE_HOME/extensions/plugins directory
- Restart the SonarQubeserver
Run a new quality analysis and the metrics will be fed.
The plugin enables allows you to quickly identify files that are impacted by a security break, but when in the file, there is no mechanism to highlight the security issues.