Re: Make "sonar-apigee-plugin" compatible with Son...

anusmitadey · 09-13-2024 01:38 AM

Hi team,

we have integrated Sonarqube as part of our CICD deployment to Apigee.

According to Plugin version matrix (sonarsource.com) the plugin provided will not be compatible from Sonarqube 10.4 onwards. Also, the plugin has not been updated since December 2022 (Release v3.0.2 · CreditMutuelArkea/sonar-apigee-plugin · GitHub) Could you provide an update when can we expect the new release?

Thank you!

anusmitadey

@dchiesa1 could you please help?

nmarkevich

Hi @anusmitadey,

It seems the plugin you're referring to was developed quite some time ago, and it’s unclear whether it was officially created or maintained by the Apigee team. Updates don’t appear to be forthcoming.

However, if you're looking for a robust and reliable tool, I’d recommend giving CodeSent a try. It's specifically designed to integrate into the CI/CD pipeline and automatically detect vulnerabilities in Apigee API proxies. You can check it out here, and if you'd like to explore the basic rule set I recommend using, you can find it here. I'd be happy to offer you a free trial so you can see how it works in your setup.

Let me know if you're interested, and I can help get you started!

Hilda_Arteaga

Thanks for helping to clarify this question @nmarkevich

Make "sonar-apigee-plugin" compatible with SonarQube 10.4