Load STIG standard after ACOMMONS-11 is done #9558

Closed
2 tasks
andrei-epure-sonarsource opened this issue Jul 24, 2024 · 1 comment · Fixed by #9584

andrei-epure-sonarsource commented Jul 24, 2024

Next week, a new version of analyzer commons will be added via https://sonarsource.atlassian.net/browse/ACOMMONS-11 to enable the import of a new security standard.

As part of the SQ plugin hardening sprint, we should update Analyzer commons and call the metadata API.

Check the PR for adding support for ASVS standard - should be the same thing as in #5941
Edit by Mary: Functionality of this PR is no longer valid. We use the common functionality to add security standards by sonar-commons-io. Should be enough to update the package sonar-commons-io and add tests.

  • Add a check for the SonarQube version (it will be shipped in 10.7 in September). On SonarCloud it's already supported.
  • Tests are in CSharpSonarRulesDefinitionTest.

pavel-mikula-sonarsource added Sprint: Hardening Fix FPs/FNs/improvements Area: SQ Plugin Java plugin related issues. labels Jul 24, 2024
pavel-mikula-sonarsource added this to the 9.31 milestone Jul 24, 2024
pavel-mikula-sonarsource added the Type: UX Improve any kind of user experience label Jul 24, 2024
andrei-epure-sonarsource changed the title Load STIG reports after ACOMMONS-11 is done Load STIG standard after ACOMMONS-11 is done Jul 24, 2024

@mary-georgiou-sonarsource

sonar-commons should be released today or tomorrow; however, we also need this PR to be merged SonarSource/rspec#4098 in order to be able to close this issue.
