To scan .net/C# code. In fact, Gitlab themselves are using it. Cross linking this issue:
It seems like the plugin in SonarQube is no longer supported and the community feels its hard to integrate. Would be interesting for some feedback on what is difficult to integrate and ultimately seeing this scan support added would be interesting!
I don’t know what the source of the difficulty is. The Security Code Scan analyzers are Roslyn-based analyzers, so if you have configured your projects to reference its NuGet package then the analyzers will be executed during the build and the results automatically imported to SonarQube/Cloud as external issues.