Sonar to identify security vulnerabilities
During the last few months, Sonar has definitely become the leading Open Source Platform to manage Java code quality. The objective to democratize access to code quality is becoming concrete.
However when analyzing source code, quality is only one aspect of things. The ultimate platform should be able to handle Quality, Security and Architecture. Sonar 2.0 will take care of Architecture with a DSM and several valuable Object Oriented metrics.
What is the plan to handle Security? Technically speaking, there is no difference between a quality rule and a security rule. Both consist of writing a piece of code that analyzes an Abstract Syntax Tree (AST) or the bytecode, depending on what needs to be inspected.
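To make that point concrete, here is an added example written for this page (not Sonar's plugin API): a single `TreeScanner` built on the JDK's own javac tree API that implements one quality rule (empty catch block) and one security rule (string literal assigned to a password-like field) with exactly the same structure. It assumes a JDK (not just a JRE) is installed, and the `Demo` class it scans is a constructed sample.

```java
import com.sun.source.tree.*;
import com.sun.source.util.JavacTask;
import com.sun.source.util.SourcePositions;
import com.sun.source.util.TreeScanner;
import com.sun.source.util.Trees;
import javax.tools.*;
import java.net.URI;
import java.util.*;

public class AstRules {
    // Constructed sample input (hypothetical code, not from the page): one security
    // finding (hard-coded password) and one quality finding (empty catch block).
    static final String SAMPLE = String.join("\n",
        "class Demo {",
        "  String dbPassword = \"s3cret\";",
        "  void run() { try { work(); } catch (Exception e) { } }",
        "  void work() throws Exception {}",
        "}");

    public static List<String> findings(String source) throws Exception {
        JavaCompiler compiler = ToolProvider.getSystemJavaCompiler(); // requires a JDK
        JavaFileObject file = new SimpleJavaFileObject(
                URI.create("string:///Demo.java"), JavaFileObject.Kind.SOURCE) {
            @Override public CharSequence getCharContent(boolean ignoreErrors) { return source; }
        };
        JavacTask task = (JavacTask) compiler.getTask(null, null, null, null, null, List.of(file));
        SourcePositions positions = Trees.instance(task).getSourcePositions();
        List<String> out = new ArrayList<>();
        for (CompilationUnitTree unit : task.parse()) {          // parse only, no type-checking needed
            new TreeScanner<Void, Void>() {
                // Quality rule: a catch block with no statements swallows the exception.
                @Override public Void visitCatch(CatchTree node, Void p) {
                    if (node.getBlock().getStatements().isEmpty())
                        out.add("quality: empty catch block at line " + line(node));
                    return super.visitCatch(node, p);
                }
                // Security rule: same visitor pattern, different AST node and condition.
                @Override public Void visitVariable(VariableTree node, Void p) {
                    ExpressionTree init = node.getInitializer();
                    boolean secretName = node.getName().toString().toLowerCase().contains("password");
                    if (secretName && init != null && init.getKind() == Tree.Kind.STRING_LITERAL)
                        out.add("security: hard-coded password in '" + node.getName() + "' at line " + line(node));
                    return super.visitVariable(node, p);
                }
                long line(Tree node) {
                    return unit.getLineMap().getLineNumber(positions.getStartPosition(unit, node));
                }
            }.scan(unit, null);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        findings(SAMPLE).forEach(System.out::println);
    }
}
```

Both rules are plain visitor callbacks over the parsed tree; which category a rule belongs to is a matter of what it reports, not of how it is written.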