Deeper SAST Functionality - Hints and Tips

Coombsy · April 16, 2025, 3:03pm

Hi, first time creating a topic, so please be gentle.

I’m conducting a PoC to investigate the SQ server Deeper SAST functionality. We’ve created a SQ instance with temp license and moved some projects within it. All seems to be working well, but the deeper SAST scanning doesn’t seem to be working for us. There is no 1+1 = 3 type of issue where functionality of some of our code, calling on a library, leads to a deeper issue.
I’ve watched the videos and read the documentation, but what am I actually supposed to ‘See’?

Colin · April 17, 2025, 9:23am

Hey there.

It’s not obvious in SonarQube when a vulnerability has been identified as the result of Deeper SAST. However, you may find this demo repo we use interesting: GitHub - Sonar-Demos/deeper-sast-demo

Topic		Replies	Views
Deeper SAST feature setup SonarQube Server / Community Build sonarqube , scanner	2	232	October 25, 2023
Does SonarQube's Deeper SAST includes SCA? SonarQube Server / Community Build	4	754	March 18, 2025
Discrepancy in vulnerabilities in SAST identified by Sonarqube for Scala project SonarQube Server / Community Build sonarqube , scanner , scala	2	207	February 9, 2024
Looking for a SAST based plugin, please suggest SonarQube Cloud java , sonarqube , node	4	1711	August 5, 2024
Sonarqube for SAST SonarQube Server / Community Build	1	289	January 2, 2023

Deeper SAST Functionality - Hints and Tips

Related topics