There was announcement for Injection flaw detection in PHP plugin: https://www.sonarqube.org/sonarqube-7-7/
Since injection flaw detection is available in commercial editions only,
I am wondering how it’s solved from programmer perspective and releases.
Is there a separate repository for version with injections detection which is
then copied to public repository with this functionality removed?
Well first of all it’s not clear to me why you are asking this question? Meaning which problem are you trying to solve by better understanding packaging of SonarQube Commercial Editions.
Generally speaking although historically a number of SonarQube languages/features could be mapped to individual plugins, you would find this is less and less the case. Each SonarQube Edition should be considered a package of its own, built and distributed as is. (meaning you shouldn’t try to compare Community Edition packaging and Commercial packaging as a matter of adding/removing bits and pieces from each package).
I was just curious how large software is maintained.
There isn’t better suited section than “Get help”, so I posted it here.
That’s all
Thanks for some explanation!