ASVS and MASVS report on SonarCloud / SonarQube

Good day:

I’d like to know if there’s a way I can detect vulnerabilities and export an executive/technical based on ASVS and MASVS with SonarCloud.

In case it is not possible, can it be done with SonarQube? and Does it require to have the enterprise version to detect these vulnerabilities based on ASVS and MASVS?

And finally, if SonarCloud and/or SonarQube can do this, what programming languages does it support?

Thank you in advance for your help!!


If you want ASVS reports, then you’ll need to switch to SonarQube Enterprise Edition($$). Regarding languages, you’re going to find the strongest support for Java, PHP, C#, C, C++, Python, and JavaScript/TypeScript.