Security rules that are not in community

I am in the evaluation phase and beginner to sonar qube. My company is planning to move to sonar qube for code review. Can you please help me in knowing what all specific security rules are not available in Community Edition.

Any suggestion would be really appreciable.

Welcome :slight_smile:

see Programming Language Coverage
for the supported languages in Sonarqube Community Edition.
You may also go via if interested in specific language,
the subpage shows the edition it’s available in, i.e.
It shows also rule categories, i.e.

Or use to check the rules for languages not contained
in Community Edition, i.e.


To offer a little more clarity: Rules tagged with injection on are only available in the Developer Edition and higher. These rules take advantage of a taint analysis engine developed at SonarSource, to detect untrusted user data is it flows through your code.

Such rules are available for Java, C#, Python, PHP (more languages on the way!). For example, these are the Java rules tagged with injection

More basic vulnerabilities, and all Security Hotspots, are available in all editions.

You might find this recent webinar, Empowering Developers to own Code Security helpful.