Is it because the community edition cannot analyze CWE vulnerabilities? In my usage, I see that there is no data in the cves table and the cve_cwe table in the database, and there are also no CWE-related vulnerability defects in the rules table. Why is this?
Hello,
In the SonarQube Community Edition, certain rules are linked to Common Weakness Enumerations (CWEs). You can view these links by going to the Rules or Issues tab at the global/project level and selecting the Security Category > CWE category. More of these rules are available in commercial editions, which offer deeper support for more advanced vulnerabilities.
It’s important not to depend on the SonarQube database tables for analysis results. While this is not common, there are instances where the tables may represent features that are planned for the future or features that were never released to the public.