XSS and XXE detection, plus more Security Hotspot rules
While we've been improving Python analysis, we haven't forgotten the other languages. For Java, we've added
cryptography-focused Security Hotspot rules, and in commercial editions the ability to detect XSS vulnerabilities
for projects using Spring (Boot or Framework) with a Thymeleaf template engine.
For C#, there's a new rule to detect XML External Entity (XXE) vulnerabilities in code using any of a large
number of common APIs. In commercial editions, there's also coverage of additional frameworks
in taint analysis rules for open redirects, SQL injection, XPath injection and command injection.
Configuring decoration for Bitbucket Server pull requests and GitLab merge requests just got easier!
GitLab MR decoration is now supported with Jenkins and other CIs. For Bitbucket Server, once you've configured your
instance in SonarQube, it's a simple matter to set up PR decoration during new project configuration.
It's official! We support Docker!
The wait is over! With 8.2, we're releasing officially supported Docker images for Community, Developer,
and Enterprise Editions! Cue the fireworks!
With every release, we add more rules and capabilities so you can find more issues:
- Improved support for C# 8
- Expanded analysis of CSS in non-CSS files, including the addition of CSS analysis in VueJS files