Application Security Support for SAST & DAST in SonarQube

We are also looking to see some SAST and DAST capabilities as a part of our Tool chain.

As per understanding, we have SAST Capabilities available with SonarQube ?

Also, can we integrate some DAST Capabilities /Analysis with Sonar Dashboard…?

So that we don’t need to go for 2 solutions if we need both SAST and DAST for Web Application.

Please advise.

Hello Tripti,

yes, you are correct, SonarQube does have SAST capabilities. You can find detailed information about it here: https://www.sonarqube.org/features/security/ There is no official DAST integration for SonarQube.

Best regards,
Hendrik

1 Like

Can SonarLint provide DAST support in any way?

No, SonarLint also analyzes the code statically, so without executing it.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.