Scan Source Code using Static Application Security Testing (SAST) with SonarQube, Part 1

remko de knikker
Sep 17, 2020 · 9 min read

Short-URL: http://ibm.biz/sonarqube-lab

Security is an intimidating topic. Some parts of security are genuinely advanced and hard, but there are a few very simple best practices you can follow to secure your application. One of them is to include a tool in your DevOps pipeline that automatically scans your code for vulnerabilities each time you build. OpenSCAP is one such project, and SonarQube is another. Such a code scan is part of what is called Static Application Security Testing…