Be-15 66 Dso Exp10

Uploaded by Shreya Mewada

Mahavir Education Trust's

SHAH & ANCHOR KUTCHHI ENGINEERING COLLEGE


Chembur, Mumbai - 400 088
UG Program in Cyber Security

Name: Devang Dedhia Department: Cyber Security

Div: BE-15 Roll No: 66

Subject: DSO

Experiment No. – 10

Date of Performance: 16/09/2024

Date of Submission: 07/10/2024

Program formation/ correction/ ethical practices (06) | Execution/ Timely Submission (03) | Viva (01) | Total (10) | Experiment Sign with Date

Experiment No. 10

Aim: To implement threat models to identify threats in the system using Threat Dragon.

Lab Outcome: Use SonarQube and Snyk to perform code quality checks and Threat Dragon to
create threat models to identify threats in the system.

Theory:

What is SonarQube:
SonarQube is an open-source platform for continuous inspection of code quality. It performs
automatic reviews to detect bugs, security vulnerabilities, and code smells in your project’s
code.

Why Use SonarQube:

o Continuous Inspection: Integrates with CI/CD pipelines to provide ongoing feedback on
code quality.
o Multi-Language Support: Supports multiple programming languages including Java, Python,
JavaScript, etc.
o Security Analysis: Detects vulnerabilities in your code and checks it against rules for
known security issues.
o Customizable: SonarQube's rules and thresholds can be customized to fit your project's
specific needs.

Steps to Implement Static Application Security Testing Using SonarQube:

1. Install SonarQube:
o For Ubuntu:

    sudo apt update
    sudo apt install openjdk-11-jdk
    wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.9.0.43852.zip
    unzip sonarqube-8.9.0.43852.zip
    cd sonarqube-8.9.0.43852

2. Start SonarQube:
o Start SonarQube by running:

    ./bin/linux-x86-64/sonar.sh start

3. Access SonarQube Dashboard:
o Open a web browser and navigate to http://localhost:9000 to access the
SonarQube dashboard.

4. Analyze Project Code:
o Install the SonarQube scanner:

    brew install sonar-scanner

o Add a sonar-project.properties file in the root directory of your project
with the following content:

    sonar.projectKey=my_project
    sonar.host.url=http://localhost:9000
    sonar.login=your_sonarqube_token

o Run the scanner:

    sonar-scanner

5. Review Results:
o SonarQube will analyze the code and display the results on the dashboard.
Look for security vulnerabilities, bugs, and code smells.

Output:

The following output shows a successful scan and the detection of potential vulnerabilities
and code smells:

    INFO: Scanner found 3 bugs, 2 vulnerabilities, 5 code smells in 1 project.
    INFO: Analysis report uploaded successfully.
    INFO: Quality gate passed.
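Note that the quality gate in this output passes even though two vulnerabilities were reported, so a pipeline that trusts the gate alone does not enforce a zero-vulnerability policy. The script below is an added example, not part of the lab sheet: it parses a scanner summary in the format shown above (the log is a constructed sample) and fails the build when the vulnerability count exceeds a budget or the gate line is missing.

```bash
#!/usr/bin/env bash
# Added example (not from the lab sheet): a CI gate run after `sonar-scanner`.
# It reads the scanner summary in the format shown in the Output section and
# fails the build when vulnerabilities exceed a budget, even if the SonarQube
# quality gate itself passed. The log below is a constructed sample.

SAMPLE_LOG='INFO: Scanner found 3 bugs, 2 vulnerabilities, 5 code smells in 1 project.
INFO: Analysis report uploaded successfully.
INFO: Quality gate passed.'

# count_findings LOG KIND: print the count reported for KIND
# (bugs | vulnerabilities | "code smells"); prints nothing if absent.
count_findings() {
  printf '%s\n' "$1" | sed -n "s/.* \([0-9][0-9]*\) $2.*/\1/p" | head -n 1
}

# security_gate LOG [MAX_VULNS]: return 0 only when the quality gate passed
# AND the vulnerability count is within MAX_VULNS (default 0).
# Returns 1 for a failed/missing gate line, 2 for an exceeded budget.
security_gate() {
  local log="$1" max_vulns="${2:-0}" vulns
  vulns=$(count_findings "$log" vulnerabilities)
  vulns=${vulns:-0}
  if ! printf '%s\n' "$log" | grep -q '^INFO: Quality gate passed\.$'; then
    echo "gate: SonarQube quality gate did not pass" >&2
    return 1
  fi
  if [ "$vulns" -gt "$max_vulns" ]; then
    echo "gate: $vulns vulnerabilities exceed budget of $max_vulns" >&2
    return 2
  fi
  return 0
}

# Stand-alone run: a zero-vulnerability budget rejects the sample (status 2)
# although the summary says the quality gate passed.
security_gate "$SAMPLE_LOG" "${MAX_VULNS:-0}" \
  && echo "gate passed" || echo "gate failed with status $?"
```

In a pipeline, pass the captured scanner output instead of the sample, e.g. `security_gate "$(sonar-scanner 2>&1 | tee scan.log)"`, assuming your scanner version prints a summary in this format.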

Conclusion:

By implementing SonarQube, developers can perform static application security testing to
identify security vulnerabilities early in the development process, ensuring that the code
adheres to security standards and is free of bugs.
