Sonar Qube Tutorial

Philippe Arteau edited this page Feb 3, 2017 · 3 revisions


FindBugs plugin

There are some chance that the FindBugs plugin have already includes FindSecurityBugs rules. Make sure you are using the latest version.

Update FindBugs

Use a FindBugs profile

By default, the profile is defined to Sonar way. Select one of the two security profiles FindBugs Security Audit or FindBugs Security Minimal.


The issues found by FindSecurityBugs will presented in the same as Sonar rules.

Maven command

mvn sonar:sonar

Browse to the issues


Detail Issue

Creating custom profile

If you are building a custom profiles, you can find all the security rules by selecting the repository Find Security Bugs.