Developer Edition support for Security scan

If I opt for the Developer Edition, do I miss the scan results for any security-related vulnerabilities/hotspots in my code?

Hi @sbulakshmi,

You posted your topic under SonarCloud, and you refer to Developer Edition, which is related to SonarQube only.
Do you want to run security and quality analysis via SonarQube (on-prem) or SonarCloud (cloud), depending on your CI toolchain?
For more info, you can read this blog post.

And to answer your point more globally, SonarCloud and SonarQube Developer Edition both have rules to scan for security-related vulnerabilities and hotspots in your code, depending on the programming language you use.

HTH,
Carine


Thanks, Carine, for helping me understand that there is nothing like Developer Edition/Enterprise Edition with SonarCloud. That helps.

So when I looked at the site, this difference is what I didn’t get exactly, and I was trying to find out if a security scan would ever happen in the Developer Edition.

If you are talking about installing SonarQube, then, yes, there are some differences between Developer and Enterprise Edition, mainly related to the Governance/Reporting features, only available in Enterprise Edition.

In the Developer Edition, you’ll find the rules to detect injection flaws and vulnerabilities.
In addition, in the Enterprise Edition, you’ll find Security reports which look like:


In this report, issues (vulnerabilities and Security Hotspots) are listed under OWASP and SANS classification (and we built our own SonarSource classification too).

If you want to try the Enterprise or Developer Edition, please click here to ask for a trial license key and set up a trial server.
You’ll see that there are other added features in Enterprise Edition that could be worth it :)

Carine


Got it, thank you so much for the details.