OWASP coverage in SonarQube editions

Hello,

I’m looking for a clear picture of the differences between the OWASP rules implemented in each edition, if there are differences.
I saw that the link provided, the one in SonarCloud, is no longer available. Is there another page or document that explains that?

Regards,
Gabriele

Hello,

Talking about security rules, there are only differences between the SonarQube Community Edition (CE) and Developer Edition (DE). The SQ Enterprise or Data Center have the same set of rules as the DE. They come with other features but no additional security rules.

SonarQube DE comes with an additional set of injection rules mainly covering the OWASP A1 category.

Java: https://rules.sonarsource.com/java/tag/injection
C#: https://rules.sonarsource.com/csharp/tag/injection
PHP: https://rules.sonarsource.com/php/tag/injection
Python: https://rules.sonarsource.com/python/tag/injection

Regards
Alex
