Looking at purchasing SonarQube, and we’ve been evaluating the community edition so far, but we need a few more features so we’re looking at Developer or Enterprise. I have some questions:
Our build times have gone from 3 to 4 mins to 18 mins or so, but with SQ sat on the same server as Azure DevOps. What steps could be taken to improve the build time - more memory, dedicated server, more disk space (SSDs), etc?
The Developer edition shows injection flaws - what are the specific rules for that? With the addition of PL/SQL, will it pick up SQL injection attacks, for example? Can injection flaw rules be customised, or added to?
In the Developer edition, can security (within SQ) be customised so only certain users can do certain things, e.g. mark issues as resolved?
What does the increased Governance look like in Enterprise, or better still, what do SonarSource define as governance?