SonarQube ISO 5055 Panel
The ISO 5055 report is an essential tool for developers, quality assurance professionals, and IT managers who aim to ensure that their software meets a rigorous set of quality and security standards. ISO 5055 provides a framework for measuring and improving the quality of software by defining specific requirements and best practices.
What the Report Shows
The report displays detailed evidence collected from SonarQube, a leading code quality and security analysis tool. The data includes:
ID: A unique identifier for each requirement, corresponding to the ISO 5055 standard.
Name: The specific name of the requirement, providing a quick reference to the quality or security control.
Category Rating: An assessment of the requirement's importance and potential impact on the software's quality and security. Ratings are typically categorized (e.g., A, E) to help prioritize efforts.
ISO 5055 Chapters: For each chapter of the ISO 5055 standard, the report shows:
CWE Passed: The number of Common Weakness Enumerations (CWEs) that the application has successfully passed.
CWE Failed: The number of CWEs that the application has failed.
CWE Not Computed: The number of CWEs that were not applicable or could not be computed.
Vulnerabilities: A breakdown of the number of vulnerabilities detected.
Hotspots to Review: Specific areas of the code flagged for further manual inspection, helping to identify potential quality or security issues that automated analysis might miss.
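To make the per-chapter counts concrete, here is an added example (not part of this page or of SonarQube's own code) that aggregates a constructed set of CWE results into the "CWE Passed", "CWE Failed" and "CWE Not Computed" figures described above. It assumes a simple model that is not spelled out on this page: a CWE counts as "not computed" when no activated rule covering it applies to the project, "failed" when a covering rule reported at least one open issue, and "passed" otherwise. Chapter names are the four ISO 5055 quality characteristics; the CWE rows are constructed sample data.

```python
from dataclasses import dataclass
from enum import Enum


class Status(Enum):
    PASSED = "passed"                # a covering rule ran and reported no issue
    FAILED = "failed"                # a covering rule reported at least one issue
    NOT_COMPUTED = "not_computed"    # no covering rule applied to this project (assumed model)


@dataclass(frozen=True)
class CweResult:
    chapter: str            # ISO 5055 chapter (quality characteristic)
    cwe: str                # e.g. "CWE-89"
    rule_applicable: bool   # did any activated rule cover this CWE for the project's languages?
    issue_count: int        # open issues reported by the covering rule(s)


def status_of(result: CweResult) -> Status:
    """Map one CWE result to the panel's passed / failed / not computed status."""
    if not result.rule_applicable:
        return Status.NOT_COMPUTED
    return Status.FAILED if result.issue_count > 0 else Status.PASSED


def summarize_by_chapter(results):
    """Return {chapter: {"passed": n, "failed": n, "not_computed": n}}."""
    summary = {}
    for r in results:
        counts = summary.setdefault(r.chapter, {s.value: 0 for s in Status})
        counts[status_of(r).value] += 1
    return summary


def chapters_by_failures(summary):
    """Chapters ordered by failed-CWE count (descending), ties broken by name.

    This is a prioritisation aid: chapters with the most failed CWEs come first."""
    return sorted(summary, key=lambda c: (-summary[c]["failed"], c))


def render(summary) -> str:
    """Plain-text rendering in the same shape as the panel's chapter table."""
    lines = [f"{'Chapter':<24}{'Passed':>8}{'Failed':>8}{'Not computed':>14}"]
    for chapter in chapters_by_failures(summary):
        c = summary[chapter]
        lines.append(f"{chapter:<24}{c['passed']:>8}{c['failed']:>8}{c['not_computed']:>14}")
    return "\n".join(lines)


# Constructed sample data (not taken from any real SonarQube analysis).
SAMPLE = [
    CweResult("Security", "CWE-89", True, 2),
    CweResult("Security", "CWE-79", True, 0),
    CweResult("Security", "CWE-327", False, 0),
    CweResult("Reliability", "CWE-476", True, 1),
    CweResult("Reliability", "CWE-401", True, 0),
    CweResult("Performance Efficiency", "CWE-1046", False, 0),
    CweResult("Maintainability", "CWE-1121", True, 0),
]

if __name__ == "__main__":
    print(render(summarize_by_chapter(SAMPLE)))
```

Running the block prints one row per chapter, most failed CWEs first, so the Security and Reliability rows lead the table for the sample data; a chapter whose CWEs are all "not computed" is shown with zero failures, which is a coverage gap rather than a clean result and is worth checking separately from the pass/fail counts.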
You can create Jira issues from these vulnerabilities and hotspots, just as you can from the issues breakdown.