Declare custom rule type as vulnerability in SonarQube 6.3
I am using SonarQube 6.3 and adding new custom rules for PHP or JavaScript; they are declared as code smells by default. I would like to declare them as a vulnerability or a bug.
Here is an example of a rule declaration:
    @Rule(key = "Rule1",
          priority = Priority.MAJOR,
          name = "Rule 1 should be used.",
          tags = {"suspicious" })
Is there a way to do this?
1 answer
There is a way to set the type of the rule with some special tags.
- The "error" tag means the type "error"
- The tag "security" means the type "vulnerability"
So try for example:
tags = {"suspicious", "bug"}
NB: this is documented in the API Javadoc (but hard to find, I admit).
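Added example, not part of the original question or answer: a rule repository declared through the generic `RulesDefinition` extension point of the SonarQube plugin API, showing the reserved-tag route from the answer next to setting the type explicitly with `setType`. It assumes the plugin registers its rules this way rather than through a language plugin's annotation loader; the class name, repository key, rule keys and descriptions are hypothetical.

```java
import org.sonar.api.rule.Severity;
import org.sonar.api.rules.RuleType;
import org.sonar.api.server.rule.RulesDefinition;

// Hypothetical class name; register it as an extension in the plugin's entry point.
public class CustomPhpRulesDefinition implements RulesDefinition {

  // Hypothetical repository key; "php" is the language the rules apply to.
  private static final String REPOSITORY_KEY = "custom-php";

  @Override
  public void define(Context context) {
    NewRepository repo = context
        .createRepository(REPOSITORY_KEY, "php")
        .setName("Custom PHP rules");

    // Route 1: no explicit type, so the type is deduced from the tags.
    // The "security" tag makes this rule a vulnerability.
    repo.createRule("Rule1")
        .setName("Rule 1 should be used.")
        .setHtmlDescription("<p>Constructed description for Rule 1.</p>")
        .setSeverity(Severity.MAJOR)
        .setTags("suspicious", "security");

    // Route 2: state the type explicitly, so the classification does not
    // depend on which tags the rule happens to carry.
    repo.createRule("Rule2")
        .setName("Rule 2 should be used.")
        .setHtmlDescription("<p>Constructed description for Rule 2.</p>")
        .setSeverity(Severity.MAJOR)
        .setTags("suspicious")
        .setType(RuleType.VULNERABILITY);

    // Nothing is registered until done() is called.
    repo.done();
  }
}
```

After deploying the plugin, check the rule's type on its page in the Rules view before relying on it in a quality gate condition on vulnerabilities.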