如何开发自定义 SonarQube 插件?
[英]How to develop a custom SonarQube plugin?
问题描述
We are satisfactorily using SonarQube as part of the pipeline of our product, and lately an idea had emerged of creating a customized plugin in SonarQube that will scan our code for PII leaks.
我们满意地使用 SonarQube 作为我们产品管道的一部分,最近出现了一个想法,即在 SonarQube 中创建一个自定义插件,该插件将扫描我们的代码以查找 PII 泄漏。 (eg, if we find 'email' inside the argument of a.log function we will inform the user). (例如,如果我们在 a.log function 的参数中找到“电子邮件”,我们将通知用户)。 Is such a thing possible?这样的事情可能吗? Can anybody please give guidance or a plugin creating guide?任何人都可以提供指导或插件创建指南吗? Couldn't find anything good online.网上没找到好东西。 Thanks谢谢
1 个解决方案
解决方案1
0 2021-08-09 13:47:41
How to develop a custom plugin is documented in the SonarQube documentation . SonarQube 文档中记录了如何开发自定义插件。
scan our code for PII leaks.
If the e-mail address would be hardcoded in the code, you shouldn't have any problems to create a rule which detects it.如果电子邮件地址将被硬编码在代码中,那么创建检测它的规则应该没有任何问题。 If it would be read from a property file and next passed to the method, then I'm not sure if it is possible to detect it.如果它将从属性文件中读取并接下来传递给该方法,那么我不确定是否可以检测到它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.