After installing Security Rules is there a way to filter out all issues except security related ones?

I'm getting started with SonarQube (Version 3.7.2) and have installed the Security Rules [securityrules] plug-in (version 0.3.2).

After deploying the plugin it seemed to activate OK (see Evidence for Successful Plugin Activation, below). I re-analyzed my project and then went to the dashboard, but I could not see the 'security defects' icon which (according to this document: http://docs.codehaus.org/display/SONAR/Security+Rules+Plugin ) is supposed to appear.

I was planning on using that 'view' to drill into a view of only security related issues. My question is:

  • Is there any other way to do this filtering (besides the security defects widget)?
  • Is there any reason why that widget would not show up?

I understand the securityrules plugin is deprecated for later versions of sonar, but I'm using an older version which should be compatible.

Evidence for Successful Plugin Activation

After restart the plugin appears in the list of 'Installed Plugins' in the Update Center.

In 'sonar.log' I see this statement:

2014.12.17 07:35:57 INFO osspPluginDeployer Deploy plugin Security Rules / 0.3.2

Thanks in advance!
-chris

You can create a quality profile which contains only rules of the security plugin. Then you execute the analysis with that profile.

The answer turns out to be very simple. After activating the plug-in I needed to configure the dashboard for the project I am analyzing so the security widget is added. This page describes the mechanics: http://docs.sonarqube.org/display/SONAR/Customizing+Dashboards
