Leyart/sonar-java4semgrep

sonar-java4semgrep

The goal of this project is to map every Java rule defined in Sonar Java to a corresponding Semgrep rule.

Semgrep has some advantages over SonarQube, namely:

  • Semgrep rules look like the source code you’re writing. Writing custom rules for SonarQube requires familiarity with abstract syntax trees (ASTs).
  • Semgrep claims analysis speeds of up to 20K-100K lines of code per second per rule. SonarQube authors report approximately 0.4K lines of code per second for rulesets in production.
  • Semgrep CI supports scanning only changed files (differential analysis); SonarQube does not.
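To make the first point concrete, here is an added example of what a converted rule looks like in Semgrep syntax; it is not taken from this repository, and the rule id, message and the choice of target (java.util.Random used where a cryptographically secure generator is expected) are assumptions made for illustration. The patterns are plain Java expressions, which is what lets a reviewer read the rule without knowing the AST:

```yaml
# Hypothetical converted rule (example only, not part of sonar-java4semgrep).
rules:
  - id: java-insecure-random           # assumed id
    languages: [java]
    severity: WARNING
    message: >-
      java.util.Random is not cryptographically secure; use
      java.security.SecureRandom for security-sensitive values.
    metadata:
      cwe: "CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
    # Both spellings are listed so the rule matches whether or not the
    # class is referenced through an import.
    pattern-either:
      - pattern: new java.util.Random(...)
      - pattern: new Random(...)
    # Semgrep's autofix replaces the constructor call in place.
    fix: new java.security.SecureRandom(...)
```

Run it with `semgrep --config rule.yaml src/` against a Java tree; adding `--autofix` applies the replacement. Note that the rule deliberately reports every construction of java.util.Random, so a project that uses it only for non-security purposes (test data, simulations) would want to narrow the patterns or add a `paths` exclusion.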

On the other hand, the number of rules supported by Semgrep is small compared to the rule coverage SonarQube has accumulated over the years.

This project intends to close this gap over time.

To contribute, please refer to Contributing.

License

Licensed under the GNU Lesser General Public License, Version 3.0

About

Public sonar-java rules converted for semgrep