I need to download SonarQube Community Edition 9.0.1 (i.e. the free and open source edition) but am concerned about security issues before installing it on our system. I am looking here for security information, if anyone can provide it. If you can provide a SOC2, that would be great.
It is required from a Procurement Risk Analysis perspective.
I went through documentation but did not find any information.
Hello Sarita and welcome to the community!
This description of SOC2 states:
SOC 2 applies to any technology service provider or SaaS company that handles or stores customer data.
That does not seem to apply if you are using SonarQube CE since you host the service yourself.
We want to install this software on our systems. The concern is: do we have any risk from the software? Can we face any security issues that come with this software installation, if any?
For the last LTS, 8.9, we conducted a security assessment by Cure53. You can find the summary here: https://cure53.de/summary-report_sonarqube-2021