Any vulnerability testing reports for SonarQube instance?

Hi Guys,

Anyone know if how I can find vulnerability testing report for SonarQube itself? For proving that SonarQube have been tested and secure to use. Just want to reference it.

I plan to use deploy it as Docker in version 9.9.4-community.

Hey there.

Here you go! https://assets-eu-01.kc-usercontent.com/183c41f4-cdce-0169-024b-75af40404bfe/46721f5d-1071-4b65-b2a2-e6c00f309e4a/SonarQube_Pen_Test_12_2022_LTS_Summary.pdf

You can read more in our Trust Center, which points to our Whistic profile with related documents.

1 Like

Appreciated Colin! :pray:

Those documents look like an Attestation letter. Is it possible for us to see actual Pen Test report provided by Cure53?

Thank you,
Nuttachai C.

All the docs we have available are in our Trust Center .