ASVS Macro Usage

Once you have setup your SonarQube servers, you just need to use the SonarQube Connector OWASP  ASVS Macro to setup the resource you want to get the issues from.

With this macro you will display The OWASP ASVS  a broad consensus about establish a framework of security requirements and controls that focus on normalising the functional and
non-functional security controls required when designing, developing and testing modern web applications.

You have to complete these parameters:

  • SonarQube server: this is a dropdown list with the SonarQube servers configured through the plugin settings.

  • Resource Key: This is the key of the SonarQube resource where you are going to retrieve the quality metrics. You can get this key from your SonarQube project dashboard or your sonar-project analysis parameters. You can setup more than one resource/project key by providing a comma separated list of resource keys. Measures will be aggregated into a unique view of all the projects together.
    Note: Enterprise portfolio are also supported you can enter the portfolio name here.

  • Tags :This is an optional field. You can get the projects through the tags associated with them in SonarQube/SonarCloud. These tags can be obtained from your project page in SonarQube/SonarCloud or from the analysis properties. You can configure more than one tag by specifying a comma separated list of tags. The results will be aggregated in a single view with all the resources together.

  • Branch: Name of the branch (visible in the SonarQube UI)
    Only available on single project configuration