Docs/update readme (#45)

* update README.md

* update rule meta data

* update repository name

* rename plugin class

* add logging to that sbom was successfully generated

README.md

@@ -9,10 +9,10 @@ in source code and generates [CBOM](https://cyclonedx.org/capabilities/cbom/).
 
 ## Version compatibility
 
-| Plugin Version | SonarQube Version                      |
-|----------------|--------------------------------------- |
-| 2.0.0 and up (_coming soon_)   | SonarQube 10.x.x and up  |      
-| 1.x.x          | SonarQube 9.8.x up to 9.9.x (lts)      |
+| Plugin Version               | SonarQube Version                 |
+|------------------------------|-----------------------------------|
+| 2.0.0 and up (_coming soon_) | SonarQube 10.x.x and up           |      
+| 1.x.x                        | SonarQube 9.8.x up to 9.9.x (lts) |
 
 ## Supported languages and libraries
 
@@ -38,7 +38,8 @@ SonarQube ([more](https://docs.sonarqube.org/latest/setup-and-upgrade/install-a-
 
 > [!NOTE]
 > We are currently in the process of adding the plugin to the SonarQube marketplace. You will then be able to install
-> the plugin directly via the marketplace and no longer have to add it manually to the plugin directory.
+> the plugin directly via the marketplace (only applicable for the community version, 
+> [see](https://docs.sonarsource.com/sonarqube/latest/instance-administration/marketplace/)).
 
 ## Using
 
@@ -48,22 +49,17 @@ If you enable these rules, a source code scan creates a cryptographic inventory
 [CBOM](https://cyclonedx.org/capabilities/cbom/) with all cryptographic assets and writing 
 a `cbom.json` to the scan directory.
 
-### Create a Quality Profile with Cryptographic Rules
+### Add Cryptography Rules to your Quality Profile
 
-The crypto rules added by the plugin are not per default activated. Create a new quality profile for a specific language.
+This plugin incorporates rules specifically focused on cryptography.
 
-![Quality Profile with Crypto Rules](.github/img/quality_profile.png)
-
-Then (on the top right) open the profile settings and activate more rules. Find the new
-rules (IBM Cryptography) and activate them.
+> To generate a Cryptography Bill of Materials (CBOM), it is mandatory to activate at 
+> least one of these cryptography-related rules.
 
 ![Activate Rules Crypto Rules](.github/img/activate_rules.png)
 
-Open the project you created before and open *Project Settings* and there *Quality Profile*.
-If not already there, add Java or Python as a language and select the extended Quality Profile with the
-activated crypto rules.
-
-![Project Quality Profile](.github/img/project_qp.png)
+As of the current version, the plugin contains one single rule for creating a cryptographic inventory. 
+Future updates may introduce additional rules to expand functionality.
 
 ### Scan Source Code
 

java/src/main/java/com/ibm/plugin/JavaScannerRuleDefinition.java

@@ -28,7 +28,7 @@
 
 public class JavaScannerRuleDefinition implements RulesDefinition {
     public static final String REPOSITORY_KEY = "sonar-java-crypto";
-    public static final String REPOSITORY_NAME = "IBM Cryptography (Java)";
+    public static final String REPOSITORY_NAME = "Sonar Cryptography";
 
     // Add the rule keys of the rules which need to be considered as template-rules
     private static final Set<String> RULE_TEMPLATES_KEY = Collections.emptySet();

java/src/main/resources/org/sonar/l10n/java/rules/java/Inventory.html

@@ -1 +1,10 @@
-<p>Crypto inventory of source code</p>
+<h2>Cryptography Usage: Be careful</h2>
+
+<p>Cryptography is a critical component of modern digital security, protecting sensitive data and communications
+    from unauthorized access. However, implementing cryptographic systems correctly is notoriously challenging,
+    even for experienced developers. Therefore, caution is necessary when writing code related to
+    cryptography.</p>
+
+<p>It is important that you read the documentation for the cryptographic library you are using and strictly
+    adhere to the specified implementation guidelines.</p>
+

java/src/main/resources/org/sonar/l10n/java/rules/java/Inventory.json

@@ -1,5 +1,5 @@
 {
-  "title": "Crypto Inventory",
+  "title": "Cryptographic Inventory (CBOM)",
   "type": "CODE_SMELL",
   "status": "ready",
   "remediation": {
@@ -8,8 +8,8 @@
   },
   "tags": [
     "cryptography",
-    "algorithm",
-    "rules"
+    "cbom",
+    "cwe"
   ],
   "defaultSeverity": "Minor",
   "scope": "Main",

python/src/main/java/com/ibm/plugin/PythonScannerRuleDefinition.java

@@ -28,7 +28,7 @@
 
 public class PythonScannerRuleDefinition implements RulesDefinition {
     public static final String REPOSITORY_KEY = "sonar-python-crypto";
-    public static final String REPOSITORY_NAME = "IBM Cryptography (Python)";
+    public static final String REPOSITORY_NAME = "Sonar Cryptography";
 
     // Add the rule keys of the rules which need to be considered as template-rules
     private static final Set<String> RULE_TEMPLATES_KEY = Collections.emptySet();

python/src/main/resources/org/sonar/l10n/python/rules/python/Inventory.html

@@ -1 +1,9 @@
-<p>Crypto inventory of source code</p>
+<h2>Cryptography Usage: Be careful</h2>
+
+<p>Cryptography is a critical component of modern digital security, protecting sensitive data and communications
+    from unauthorized access. However, implementing cryptographic systems correctly is notoriously challenging,
+    even for experienced developers. Therefore, caution is necessary when writing code related to
+    cryptography.</p>
+
+<p>It is important that you read the documentation for the cryptographic library you are using and strictly
+    adhere to the specified implementation guidelines.</p>

python/src/main/resources/org/sonar/l10n/python/rules/python/Inventory.json

@@ -1,5 +1,5 @@
 {
-  "title": "Crypto Inventory",
+  "title": "Cryptographic Inventory (CBOM)",
   "type": "CODE_SMELL",
   "status": "ready",
   "remediation": {
@@ -8,8 +8,8 @@
   },
   "tags": [
     "cryptography",
-    "algorithm",
-    "rules"
+    "cbom",
+    "cwe"
   ],
   "defaultSeverity": "Minor",
   "scope": "Main",

sonar-cryptography-plugin/pom.xml

@@ -57,7 +57,7 @@
                 <configuration>
                     <pluginKey>sonar-crypto-plugin</pluginKey>
                     <pluginName>Sonar Crypto Plugin</pluginName>
-                    <pluginClass>com.ibm.plugin.CryptoPlugin</pluginClass>
+                    <pluginClass>com.ibm.plugin.CryptographyPlugin</pluginClass>
                     <pluginApiMinVersion>${sonar.version}</pluginApiMinVersion>
                     <sonarLintSupported>true</sonarLintSupported>
                     <skipDependenciesPackaging>true</skipDependenciesPackaging>

sonar-cryptography-plugin/src/main/java/com/ibm/plugin/CryptoPlugin.java → sonar-cryptography-plugin/src/main/java/com/ibm/plugin/CryptographyPlugin.java

@@ -24,17 +24,17 @@
 import org.sonar.api.utils.log.Logger;
 import org.sonar.api.utils.log.Loggers;
 
-public class CryptoPlugin implements org.sonar.api.Plugin {
+public class CryptographyPlugin implements org.sonar.api.Plugin {
 
     @SuppressWarnings({"java:S1874"})
-    private static final Logger LOGGER = Loggers.get(CryptoPlugin.class);
+    private static final Logger LOGGER = Loggers.get(CryptographyPlugin.class);
 
     @Override
     public void define(Context context) {
         SonarRuntime runtime = context.getRuntime();
         SonarProduct product = runtime.getProduct();
 
-        LOGGER.info("Crypto Plugin initializing in Context (" + product + ")");
+        LOGGER.info("Sonar Cryptography initialized in context (" + product + ")");
 
         context.addExtensions(Configuration.getPropertyDefinitions()); // add configuration
         context.addExtensions(

sonar-cryptography-plugin/src/main/java/com/ibm/plugin/OutputFileJob.java

@@ -25,8 +25,13 @@
 import org.sonar.api.batch.postjob.PostJob;
 import org.sonar.api.batch.postjob.PostJobContext;
 import org.sonar.api.batch.postjob.PostJobDescriptor;
+import org.sonar.api.utils.log.Logger;
+import org.sonar.api.utils.log.Loggers;
 
 public class OutputFileJob implements PostJob {
+
+    private static final Logger LOGGER = Loggers.get(OutputFileJob.class);
+
     @Override
     public void describe(PostJobDescriptor postJobDescriptor) {
         postJobDescriptor.name("Output generation");
@@ -41,5 +46,6 @@ public void execute(@Nonnull PostJobContext postJobContext) {
                         .orElse(Constants.CBOM_OUTPUT_NAME_DEFAULT);
         ScannerManager scannerManager = new ScannerManager(new CBOMOutputFileFactory());
         scannerManager.getOutputFile().saveTo(new File(cbomFilename + ".json"));
+        LOGGER.info("CBOM was successfully generated '" + cbomFilename + ".json'.");
     }
 }

sonar-cryptography-plugin/src/test/java/com/ibm/plugin/PluginTest.java

@@ -37,7 +37,7 @@ void testExtensions() {
                 SonarRuntimeImpl.forSonarQube(
                         Version.create(9, 5), SonarQubeSide.SCANNER, SonarEdition.COMMUNITY);
         Plugin.Context context = new PluginContextImpl.Builder().setSonarRuntime(runtime).build();
-        CryptoPlugin plugin = new CryptoPlugin();
+        CryptographyPlugin plugin = new CryptographyPlugin();
         plugin.define(context);
         Assertions.assertEquals(6, context.getExtensions().size());
     }