ASVS and MASVS report on SonarCloud / SonarQube

Jorge · January 19, 2023, 6:12am

Good day:

I’d like to know if there’s a way I can detect vulnerabilities and export an executive/technical based on ASVS and MASVS with SonarCloud.

In case it is not possible, can it be done with SonarQube? and Does it require to have the enterprise version to detect these vulnerabilities based on ASVS and MASVS?

And finally, if SonarCloud and/or SonarQube can do this, what programming languages does it support?

Thank you in advance for your help!!

ganncamp · January 23, 2023, 6:40pm

Hi,

If you want ASVS reports, then you’ll need to switch to SonarQube Enterprise Edition($$). Regarding languages, you’re going to find the strongest support for Java, PHP, C#, C, C++, Python, and JavaScript/TypeScript.

HTH,
Ann

Topic		Replies	Views
General queries on Sonar SonarQube Server / Community Build sonarqube	4	760	August 6, 2019
Top OWASP Preset - Request SonarQube Cloud security , owasp	4	111	August 5, 2024
OWASP ASVS requirements validated by SonarQube in the Security Report SonarQube Server / Community Build security , owasp	2	202	September 19, 2024
Should Sonar Cloud detect Java CVEs? SonarQube Cloud	2	353	March 18, 2025
Reporting vulnerabilities in GitLab SonarQube Cloud enterprise	1	13	March 27, 2025

ASVS and MASVS report on SonarCloud / SonarQube

Related topics