* [cwe](https://rules.sonarsource.com/java/tag/cwe) - relates to a rule in the [Common Weakness Enumeration](http://cwe.mitre.org/). For more on CWE and on security-related rules in general, see [Security-related rules](/user-guide/security-rules/).
* [design](https://rules.sonarsource.com/java/tag/design) - there is something questionable about the design of the code
* [lock-in](https://rules.sonarsource.com/java/tag/lock-in) - environment-specific features are used
-* [misra](https://rules.sonarsource.com/java/tag/misra) - relates to a rule in one of the [MISRA](http://www.misra.org.uk/) standards. While the MISRA rules are primarily about C and C++, many of them are not language-specific (E.G. don't use a float as a loop counter) but are simply good programming practices. That's why you'll see these tags on non-C/C++ rules.
* [owasp](https://rules.sonarsource.com/java/tag/owasp) - relates to a rule in the [OWASP Top Ten](https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project) security standards. Note, that the OWASP Top Ten is a list of high-level vulnerabilities which translates to many, many potential rules.
* [pitfall](https://rules.sonarsource.com/java/tag/pitfall) - nothing is wrong yet, but something could go wrong in the future; a trap has been set for the next person, and they'll probably fall into it and screw up the code.
* [sans-top25](https://rules.sonarsource.com/java/tag/sans-top25) - This tag is based on outdated statistics and should no longer be used. Instead, it's recommended to rely on the "CWE Top 25" reports, which are available in [Enterprise Edition](https://redirect.sonarsource.com/editions/enterprise.html).
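
Review bot: the removed `misra` entry is dropped silently, while the `sans-top25` entry at the end of this list is kept with a sentence saying the tag should no longer be used. If any rules still carry the `misra` tag, readers who see it will find no explanation here. Consider keeping the entry with a short deprecation sentence in the same style as `sans-top25`, or state in the commit message that the tag no longer appears on any rule. The deleted line was also the only place in this list explaining why a MISRA tag can appear on non-C/C++ rules, so that rationale is lost unless it is moved elsewhere.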