stackoom
  简体   繁体   中英

Does sonarqube community edition provide any sort of static application security testing

 原文  2021-02-09 17:36:43       sonarqube/ static-analysis/ sonarqube-scan/ security-testing

Question

We use sonarqube community edition and though it workes great for static code analysis, i don't see anything much significant when it comes to security analysis. It does flag security vulnerabilities and provides security reports for OWASP Top 10 and SANS Top 25. I am wondering if that is part of some static application security testing or we need to go with developer/enterprise editions for fully fledged end to end SAST. Please clarify.

1 answers

solution1
 0  2021-12-08 18:32:35

You get security vulnerability and hotspot scanning with the community edition. But for specific analysis, you need to get the paid versions. Here's a comparison of security-related features in those versions.

在此处输入图像描述

Source: https://www.sonarqube.org/downloads/

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Can SonarQube be used as a Static Application Security Testing (SAST) tool? Deactivate a rule in Sonarqube community edition SonarQube community edition for commercial project SonarCFamily plugin for SonarQube Community Edition Can we replace the Static application security testing SAST Tool like (Fortify, Checkmarx and IBM Appscan) with SonarQube Is there any way to enable sonarQube to use Dev branch instead of main in community edition? Master branch analysis with Sonarqube (Community Edition) Master and develop branch analysis in sonarQube (Community Edition) Unable to Found a Dashboard in Sonarqube community edition 7.0 Decorating the pull request in GitHub with SonarQube (Community Edition)
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM