- Support for SonarQube 7.3
- Integration into SonarQube's "Security Reports"
- Added tags for OWASP Top 10 and SANS Top 25 categories
- Moved plugin configuration into "External Analyzers" section
- Added new option "Import All" to optionally create issues for Xanitizer findings detected by OWASP Dependency Check and SpotBugs, as well as issues for findings without any detected code location, so that the numbers in SonarQube and Xanitizer itself are consistent.
- Support for the new protocol check problem types introduced with Xanitizer 4.1.
- Added several new rules for problem types introduced with Xanitizer 4.1.
- Improved robustness and logging.
- Updated mapping of detected problem types
Reworked plugin some more:
- Messages now say what to do
- Only issues for findings that can be matched in the code are created
- Secondary locations for taint sources / taint sinks
- Removed Quality Profile
- Improved detection of corresponding file
- removed FindBugs and OWASP Dependency Check rules
- single rule for each Xanitizer problem type
- avoid NoSuchMethod error in newer versions of the Java plugin
- added descriptions to rules
- renamed configuration parameter and provide default value
- reduced length of issue messages
- many small improvements
First release of the plugin as open source version.
- Fixed some minor bugs
- Added error messages
- Do not run sensor when no Xanitizer rule is set active in the quality profile