Differences between sonarqube community and developer

taryg19 · August 31, 2022, 10:06pm

Hello there,

I am interested on Sonarqube developer edition, but one of my main doubts about it is if Sonarqube developer have more rules for the languages that you’re already allowed to use in the community edition, I mean, seems that the community edition doesn’t cover all the owasp top ten at least in the javascript scanner, so is there any real difference between the rules you can use using the free edition and the developer edition talking about the rules?

Thank you all in advance

Hendrik_Buchwald · September 1, 2022, 7:20am

Hello Tary,

The Developer Edition has more rules than the Community Edition, yes. At the moment, DE has injection rules (i.e. taint-analysis) while the CE does not have these rules.
You can see which rules are available where on rules.sonarsource.com. For example, have a look at the bottom of JavaScript static code analysis: HTTP responses should not be vulnerable to session fixation.

Topic		Replies	Views
Is there any code rule changes in Sonar community Vs Developer and enterprise version? SonarQube Server / Community Build sonarqube , scanner , azuredevops-services	1	885	November 29, 2021
SonarQube Community vs. Developer Edition Security Scan SonarQube Server / Community Build java	1	718	November 28, 2023
Are all security rules such as SQL injection included in all editions of Sonarqube? SonarQube Server / Community Build sonarqube , rules	4	1597	January 6, 2022
OWASP coverage in SonarQube editions SonarQube Server / Community Build security	1	1216	July 20, 2020
Does Sonarqube catch OWASP Top 10 vulnerabilities for NodeJS / JavaScript SonarQube Server / Community Build javascript , sonarqube , node	5	1259	May 3, 2022

Differences between sonarqube community and developer

Related topics