Our website uses cookies to enhance your browsing experience.
Accept
to the top
close form

Fill out the form in 2 simple steps below:

Your contact information:

Step 1
Congratulations! This is your promo code!

Desired license type:

Step 2
Team license
Enterprise license
** By clicking this button you agree to our Privacy Policy statement
close form
Request our prices
New License
License Renewal
--Select currency--
USD
EUR
* By clicking this button you agree to our Privacy Policy statement

close form
Free PVS‑Studio license for Microsoft MVP specialists
* By clicking this button you agree to our Privacy Policy statement

close form
To get the licence for your open-source project, please fill out this form
* By clicking this button you agree to our Privacy Policy statement

close form
I am interested to try it on the platforms:
* By clicking this button you agree to our Privacy Policy statement

close form
check circle
Message submitted.

Your message has been sent. We will email you at


If you do not see the email in your inbox, please check if it is filtered to one of the following folders:

  • Promotion
  • Updates
  • Spam

Webinar: Evaluation - 05.12

>
>
Get me two! PVS-Studio plugin update fo…

Get me two! PVS-Studio plugin update for SonarQube

Aug 12 2024

The PVS-Studio plugin for SonarQube has been around for a long time. However, in the latest update, we've turned one plugin into two plugins! This post will explain why it happened, what's new, and what's next.

1152_SonarQube_division/image1.png

SonarQube is an open-source platform developed for continuous code quality assurance. It supports numerous programming languages and metrics: code coverage, potential bugs, duplicated code, coding standards, and much more.

PVS-Studio provides a plugin that helps integrate the PVS-Studio reports into SonarQube. It allows users to add analyzer messages to the SonarQube server database and conveniently handle these warnings in the web interface.

Note: you can read more about the PVS-Studio integration into SonarQube in the documentation.

Some time ago, our users informed us that they encountered an error: the PVS-Studio warnings with High and Low levels were missing in the SonarQube report. It seriously confused users.

1152_SonarQube_division/image2.png

Unfortunately, we don't have a full-time detective, so if not us, who? We investigated the case and found the problem! The user was using the latest SonarQube version which had some unexpected updates.

Previously SonarQube issues had two attributes: Type (Code Smell, Bug, Vulnerability, Security Hotspot) and Severity (Info, Minor, Major, Critical, Blocker).

However, starting with version 10.2, the developers replaced a five-leveled Severity with Software Quality (Maintainability, Reliability, Security) and an updated Severity (Low, Medium, High), which is called Impact in the API code. When filtering warnings, the deprecated issue types were ignored as Deprecated, so SonarQube set Reliability Medium as a default level for PVS-Studio diagnostic rules, hiding all the detected bugs under one flag.

We rolled up our sleeves and started implementing support for the new API version in our plugin. Something truly magical happened in the end. Now there are two PVS-Studio plugins for SonarQube! We developed each plugin for different SonarQube versions and their corresponding API versions. One plugin is for versions from 7.6 up to 10.1, and the other is for 10.2 and later.

Plus, the plugin for SonarQube 10.2 or later now has distribution for both UI filters for OWASP Top 10 (2017 and 2021). It works if we enable displaying warnings as vulnerabilities.

1152_SonarQube_division/image3.png

The PVS-Studio static analyzer 7.32 has been released. Now you can download the plugin for the SonarQube version you need on our website.

Note: if SonarQube does not meet your goals, you can also use PVS-Studio with a DevSecOps platform, DefectDojo. You can learn more in this article.

Popular related articles


Comments (0)

Next comments next comments
close comment form