We would like to request that SonarQube’s scanning capabilities be enhanced to detect security issues mentioned in the Android Security Improvement Program (as outlined at App security improvement program | Security | Android Developers).
We used the self-hosted SonarQube Developer Edition v10.3 to scan our mobile app’s source code for security vulnerabilities. Although our application passed the SonarQube scan with zero vulnerabilities detected, the scan failed to identify the WebView SSLHandler security issue flagged by the Android team.
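To illustrate the kind of check requested above, here is an added example that is not part of the original post and is not SonarQube's rule. It assumes the flagged issue is a `WebViewClient.onReceivedSslError` override that calls `SslErrorHandler.proceed()` and never `cancel()`. The function names and the Java sample are constructed for illustration, and the brace matching is a text heuristic rather than a real Java parser.

```python
import re

# Constructed sample input: one unsafe and one safe WebViewClient override.
SAMPLE_JAVA = '''
class UnsafeClient extends WebViewClient {
    @Override
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        handler.proceed(); // accepts any certificate error
    }
}
class SafeClient extends WebViewClient {
    @Override
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        // handler.proceed();  (commented out, must not be flagged)
        handler.cancel();
    }
}
'''

# Method declaration; group 1 captures the SslErrorHandler parameter name.
SIG = re.compile(r'\bonReceivedSslError\s*\([^)]*\bSslErrorHandler\s+(\w+)[^)]*\)\s*\{')

def method_body(src, open_brace):
    """Return the text between the brace at open_brace and its matching close."""
    depth = 0
    for i in range(open_brace, len(src)):
        depth += {'{': 1, '}': -1}.get(src[i], 0)
        if depth == 0:
            return src[open_brace + 1:i]
    return src[open_brace + 1:]  # unbalanced input: take the rest

def strip_comments(code):
    """Drop block and line comments so commented-out calls are ignored."""
    code = re.sub(r'/\*.*?\*/', '', code, flags=re.S)
    return re.sub(r'//[^\n]*', '', code)

def find_unsafe_ssl_handlers(src):
    """Line numbers of overrides that call proceed() and never cancel()."""
    findings = []
    for m in SIG.finditer(src):
        body = strip_comments(method_body(src, m.end() - 1))
        name = re.escape(m.group(1))
        proceeds = re.search(rf'\b{name}\s*\.\s*proceed\s*\(', body)
        cancels = re.search(rf'\b{name}\s*\.\s*cancel\s*\(', body)
        if proceeds and not cancels:
            findings.append(src.count('\n', 0, m.start()) + 1)
    return findings

print(find_unsafe_ssl_handlers(SAMPLE_JAVA))
```

Overrides that call both `proceed()` and `cancel()` are not reported by this heuristic and still need manual review of the condition that guards `proceed()`.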