Part of my work involves helping corporations adopt a set of software development best practices known as Continuous Integration and Continuous Delivery. The buzzword that we use in tech circles for this set of practices is CI/CD.
The mantra of CI/CD focuses on the use of a DevOps toolchain to address all aspects of software development. There are plenty of open-source tools for constructing this toolchain and rolling out software projects using CI/CD, and one of those tools is SonarQube.
A rewarding bug bounty involves discovering security vulnerabilities and software bugs, together with their recommended resolutions, which, when brought to the attention of the client paying for the bug hunt, will no doubt be lucrative for the bug hunter.
In the following images, you can see that I have set up SonarQube in a cloud environment powered by Red Hat OpenShift Application Runtimes technology, and successfully used it to analyze the source code of a Java EE application called Mlbparks.

SonarQube not only identifies the security vulnerabilities and bugs in the application source code of Mlbparks, it even recommends solutions to fix them!

Armed with this tool as part of your trusty DevOps toolchain, and skilled in the relevant code analysis techniques, you can now be a trusted advisor to corporations looking to fix source code issues.
Indeed, there is good, honest money waiting to be made not just from bug hunting, but also from implementing software development best practices like CI/CD.