C# Security Code Scan - SonarScanner

Many other SAST platforms use https://security-code-scan.github.io/ to scan .NET/C# code. In fact, GitLab themselves are using it. Cross-linking this issue:

It seems like the plugin in SonarQube is no longer supported and the community feels it's hard to integrate. Would be interesting for some feedback on what is difficult to integrate, and ultimately seeing this scan support added would be interesting!

Hi @jvasallo - welcome to the community.

I don’t know what the source of the difficulty is. The Security Code Scan analyzers are Roslyn-based analyzers, so if you have configured your projects to reference its NuGet package then the analyzers will be executed during the build and the results automatically imported to SonarQube/Cloud as external issues.

See this post for more info and the docs for more information.