Comments (8)
If puma scan is installed via a NuGet package, it appears that Sonar supports importing those warnings: https://docs.sonarqube.org/pages/viewpage.action?pageId=11640944.
from puma-scan.
Comment from duplicate issue: I actually want to edit this pumasecurity, create a nuget package and then integrate it with sonarqube. May I know how we can create a nuget package after editing puma security?
from puma-scan.
We encourage folks to fork our repository, make customizations, and contribute back via a merge request if you'd like to enhance the project.
Are you looking to create a sonar integration only, or do you also have custom rules that you'd like to integrate as well?
Overall, I would start by looking in the Puma.Security.Parser project, which parses the build results (MSBuild) and pulls out all of the SEC### issues. This project currently exports the data to MSBuild and SARIF formatted results.
This project could easily be enhanced to call the Sonar API and upload the Puma results to a given Sonar project.
from puma-scan.
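An added example, not code from the Puma Scan project or from any commenter in this thread: a sketch of the flow described in the comment above, pulling SEC### diagnostics out of MSBuild output and shaping them for SonarQube. It assumes the standard MSBuild diagnostic line layout and writes SonarQube's generic issue import JSON (the report file passed through `sonar.externalIssuesReportPaths`) instead of calling the Sonar API. The engine id, the severity mapping and the sample log are constructed for illustration.

```python
import json
import re

# Assumed MSBuild diagnostic layout: file(line,col): warning CODE: message [project]
DIAG = re.compile(
    r"^\s*(?P<file>.+?)\((?P<line>\d+),(?P<col>\d+)\):\s+"
    r"(?P<level>warning|error)\s+(?P<code>SEC\d+):\s+"
    r"(?P<msg>.*?)(?:\s+\[(?P<project>[^\]]+)\])?\s*$"
)

# Constructed sample build output (not taken from a real build).
SAMPLE_LOG = r"""
Build started.
Controllers\HomeController.cs(42,17): warning SEC0108: Constructed sample message A. [C:\src\App\App.csproj]
Controllers\HomeController.cs(42,17): warning SEC0108: Constructed sample message A. [C:\src\App\App.csproj]
Models\User.cs(10,5): warning CS0168: The variable 'x' is declared but never used [C:\src\App\App.csproj]
Web.config(7,6): error SEC0032: Constructed sample message B. [C:\src\App\App.csproj]
"""


def msbuild_to_sonar(log_text, engine_id="pumascan"):
    """Return a generic-issue-import document built from SEC### diagnostics."""
    issues, seen = [], set()
    for raw in log_text.splitlines():
        m = DIAG.match(raw)
        if not m:
            continue  # build chatter and non-SEC diagnostics (e.g. CS0168)
        key = (m["file"], m["line"], m["col"], m["code"])
        if key in seen:
            continue  # MSBuild can print the same diagnostic more than once
        seen.add(key)
        issues.append({
            "engineId": engine_id,  # hypothetical engine name
            "ruleId": m["code"],
            # Assumed mapping: build errors are CRITICAL, warnings are MAJOR.
            "severity": "CRITICAL" if m["level"] == "error" else "MAJOR",
            "type": "VULNERABILITY",
            "primaryLocation": {
                "message": m["msg"],
                "filePath": m["file"].replace("\\", "/"),
                "textRange": {"startLine": int(m["line"])},
            },
        })
    return {"issues": issues}


if __name__ == "__main__":
    print(json.dumps(msbuild_to_sonar(SAMPLE_LOG), indent=2))
```

The file paths in the report must be resolvable relative to the Sonar project base directory for the issues to attach to source files.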
Comment from duplicate issue: I actually want to edit this pumasecurity, create a nuget package and then integrate it with sonarqube. May I know how we can create a nuget package after editing puma security?
Answering your nuget question, the Rules project is configured to build a nuget package during each build. It is output into the Rules/bin/Debug|Release directory.
from puma-scan.
Severity: Error
Description: The command ""C:\Users\meghanar\Downloads\pumascan\puma-scan-2.0.0.1\packages\NuGet.CommandLine.3.4.3\tools\NuGet.exe" pack Diagnostic.nuspec -NoPackageAnalysis -Version 2.0.0.1 -OutputDirectory ." exited with code 3.
Project: Puma.Security.Rules
File: C:\Users\meghanar\Downloads\pumascan\puma-scan-2.0.0.1\Rules\Puma.Security.Rules.csproj
Line: 400
I am getting this error when I am trying to build the solution. Can you please help me in overcoming this problem?
from puma-scan.
We just released v2.1.0.0 this morning. I'd recommend pulling the latest code. It is now targeting .NET Standard 2.0 instead of the full framework. This will get us on the same page.
from puma-scan.
Did you get this integration working? If so, willing to contribute back for other folks? We have had a lot of people ask about how to do this. Even just a write up of how to do it would be very helpful.
from puma-scan.
It was working when I tried it a couple of days back. I never tried after that.
from puma-scan.