How to start Static Application Security Testing(SAST) with SonarQube?

  1. Install
  • sonar console
  • Open Projects tab > Add project > Manually > Write “Project key” > Set Up
  • Enter a name for your token > Generate > Continue
  • Select the “technology” and “OS”
  • For the test, I chose and downloaded the well-known vulnerable application juice-shop(
  • Open console > Navigate to the project folder > Execute the command from the “Execute the Scanner from your computer” part
  • The scan ended
  • Open the “Security Hotspots” > Review the findings



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


MSc in Cyber Security, OSCP and CEH Master certified. Awarded by Apple, Trello, Kraken... Connect me: