Difference between SonarJava and Find Security Bugs

[Kristian]

Hi,

I just found another SonarQube plugin called "Find Security Bugs"
(https://github.com/find-sec-bugs/find-sec-bugs). It seems, that this
project is part of the FindBugs program.

My question is this: Is this "Find Security Bugs" included in
SonarJava plugin or is this a complete different plugin? Does it make
sense to enable both of them?

It would glad to get some information on that.

With kind regards,
Kristian

[jeanchrist...@sonarsource.com]

Hello,

Find-Sec-Bugs is a plugin for FindBugs. As such it is covered by the findbugs sonarqube plugin, as explained on their web site (Continuous Integration section).

This is not part of SonarJava, but a separate plugin that can work alongside of it.

I hope this answers your question.

Regards,

[Kristian]

Yes, thank you for your reply!

> --
> You received this message because you are subscribed to the Google Groups
> "SonarQube" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to sonarqube+...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/sonarqube/1e2e2ca8-a892-4416-939e-1281ddb85ce4%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.