My company is considering the option of adding SonarQube to the DevSecOps pineline, and I’m tasked with evaluating several SAST, DAST or a combination of both IAST. Does SonarQube consist of both features? We are currently using Checkmarx, which is more SAST centered.
Patrick