XSS and XXE detection, plus more Security Hotspot rules
While we've been improving Python analysis, we haven't forgotten the other languages. For
Java, we've added cryptography-focused Security Hotspot rules, and in commercial editions
the ability to detect XSS vulnerabilities for projects using Spring (Boot or Framework)
with a Thymeleaf template engine.
For C#, there's a new rule to detect XML External Entity (XXE) vulnerabilities in code
using any of a large number of common APIs. In commercial editions, there's also coverage
of additional frameworks in taint analysis rules for open redirects, SQL injection, XPath
injection and command injection.
Configuring decoration for Bitbucket Server pull requests and GitLab merge requests just
got easier! GitLab MR decoration is now supported with Jenkins and other CIs. For
Bitbucket Server, once you've configured your instance in SonarQube, it's a simple matter
to set up PR decoration during new project configuration.
It's official! We support Docker!
The wait is over! With 8.2, we're releasing
officially supported Docker images for Community, Developer, and Enterprise
Cue the fireworks!
With every release, we add more rules and capabilities so you can find more issues:
- Improved support for C# 8
- Expanded analysis of CSS in non-CSS files, including the addition of CSS
  analysis in VueJS files