Sonar's repositories
argument-injection-vectors
A curated list of argument injection vectors
public-git-sync
Private to public Git repository synchronization
Benchmark
OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually exploitable, it’s a fair test for any kind of vulnerability detection tool. For more details on this project, please see the OWASP Benchmark Project home page.
buildTools
DEPRECATED
Damn-Vulnerable-GraphQL-Application
Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
official-images
Primary source of truth for the Docker "Official Images" program
sonar-benchmarks-scores
Shares ground truths of popular SAST benchmarks and how Sonar scores on them
sonarcloud_example_typescript-sqscanner-travis
TypeScript project analyzed on SonarCloud using Travis
CaYC-research
Clean as You Code research
css-test-sources
Used for https://github.com/SonarSource/sonar-css ruling
re-vault-plugins
Building plugins for HashiCorp Vault
SecurityShepherd
Web and mobile application security training platform
vulnerable-node
A very vulnerable web site written in NodeJS, with the purpose of having a project with identified vulnerabilities to test the quality of security analyzer tools
WebGoat.Net-benchmark
OWASP WebGoat.NET
juliet-test-suite
A collection of test cases in the Java language. It contains examples for 112 different CWEs.