New to SonarQube

Good afternoon,

I recently started using SonarQube dev. edition and I am trying to research how to maintain and update the server. Is there a plugin update process like you would update ACAS plugins? I’m super new to the software and I need to maintain the system…

Hey there!

Help me out here – what’s an ACAS plugin?

1 Like

Hello, I guess what I am asking is how to update the signatures so that I can identify vulnerabilities with the most up-to-date methods.

Unlike something like a malware scanner that relies on frequently updated signature databases to detect the latest threats, SonarQube uses a set of static analysis rules to assess code quality and security.

SonarQube regularly gets new analysis rules (and improvements to existing ones) with each product update (approximately every two months, or annually for the long-term supported version). To get the latest rules, keep your SonarQube instance updated.

For those using SonarQube Advanced Security (available as an add-on to the Enterprise Edition), the database identifying vulnerable dependencies is updated continuously.

Hope that helps!

1 Like