I am in the evaluation phase and a beginner to SonarQube. My company is planning to move to SonarQube for code review. Can you please help me in knowing which specific security rules are not available in Community Edition?
Any suggestion would be really appreciated.
See https://www.sonarsource.com/plans-and-pricing/community/ (Programming Language Coverage) for the supported languages in SonarQube Community Edition.
You may also go via https://www.sonarsource.com/languages/ if interested in a specific language; the subpage shows the edition it's available in, i.e. https://www.sonarsource.com/swift/
It also shows rule categories, i.e. https://rules.sonarsource.com/swift/type/Vulnerability
Or use https://rules.sonarsource.com/ to check the rules for languages not contained in Community Edition, i.e. https://rules.sonarsource.com/swift/type/Security%20Hotspot
To offer a little more clarity: rules tagged with injection on https://rules.sonarsource.com are only available in the Developer Edition and higher. These rules take advantage of a taint analysis engine developed at SonarSource to detect untrusted user data as it flows through your code.
Such rules are available for Java, C#, Python, PHP (more languages on the way!). For example, these are the Java rules tagged with
More basic vulnerabilities, and all Security Hotspots, are available in all editions.
You might find this recent webinar, Empowering Developers to own Code Security helpful.
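To make the taint-analysis idea in the answer above concrete, here is an added example that is not SonarSource's code and does not reproduce its rules: a miniature intraprocedural taint tracker built on Python's standard `ast` module. The source, sink and sanitizer names are assumptions chosen for the demo (a Flask-style `request.args.get`, a DB-API `cursor.execute`, `int`/`escape`/`quote`), and the three analysed snippets are constructed inputs. It flags a sink call whose argument can be traced back to an untrusted source without passing through a sanitizer, which is the shape of an injection finding.

```python
import ast

# Assumed vocabulary for the demo (not SonarSource's rule definitions):
SOURCES = {"request.args.get", "request.form.get", "input"}   # untrusted input
SINKS = {"cursor.execute", "os.system", "subprocess.call"}      # dangerous consumers
SANITIZERS = {"escape", "int", "quote"}                        # calls that clean data


def _call_name(node):
    """Return a dotted name such as 'cursor.execute' for a Call node, or None."""
    func, parts = node.func, []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
        return ".".join(reversed(parts))
    return None


class TaintAnalyzer(ast.NodeVisitor):
    def __init__(self):
        self.tainted = set()   # variable names currently holding untrusted data
        self.findings = []     # (line number, sink name) where taint reaches a sink

    def is_tainted(self, node):
        """Taint propagates through names, concatenation, %, f-strings and str.format."""
        if isinstance(node, ast.Name):
            return node.id in self.tainted
        if isinstance(node, ast.Call):
            name = _call_name(node)
            if name in SOURCES:
                return True
            if name and name.split(".")[-1] in SANITIZERS:
                return False           # sanitizer output is considered clean
            if isinstance(node.func, ast.Attribute) and node.func.attr == "format":
                return self.is_tainted(node.func.value) or any(
                    self.is_tainted(a) for a in node.args)
            return any(self.is_tainted(a) for a in node.args)
        if isinstance(node, ast.JoinedStr):
            return any(self.is_tainted(v.value) for v in node.values
                       if isinstance(v, ast.FormattedValue))
        if isinstance(node, ast.BinOp):
            return self.is_tainted(node.left) or self.is_tainted(node.right)
        # Tuples (e.g. bind-parameter tuples) and literals are not taint carriers,
        # which is how a parameterized-query sink stays clean in this toy model.
        return False

    def visit_Assign(self, node):
        tainted = self.is_tainted(node.value)
        for target in node.targets:
            if isinstance(target, ast.Name):
                (self.tainted.add if tainted else self.tainted.discard)(target.id)
        self.generic_visit(node)

    def visit_Call(self, node):
        name = _call_name(node)
        if name in SINKS and any(self.is_tainted(a) for a in node.args):
            self.findings.append((node.lineno, name))
        self.generic_visit(node)


def find_injections(source_code):
    """Return [(line, sink)] for every sink reached by unsanitized source data."""
    analyzer = TaintAnalyzer()
    analyzer.visit(ast.parse(source_code))
    return analyzer.findings


# Constructed inputs: string concatenation into a query (flagged), a
# parameterized query (clean), and a value sanitized by int() (clean).
VULNERABLE = '''
def lookup(cursor, request):
    name = request.args.get("name")
    query = "SELECT * FROM users WHERE name = '" + name + "'"
    cursor.execute(query)
'''

FIXED = '''
def lookup(cursor, request):
    name = request.args.get("name")
    cursor.execute("SELECT * FROM users WHERE name = %s", (name,))
'''

SANITIZED = '''
def lookup(cursor, request):
    user_id = int(request.args.get("id"))
    cursor.execute("SELECT * FROM users WHERE id = " + str(user_id))
'''

if __name__ == "__main__":
    for label, code in [("vulnerable", VULNERABLE), ("fixed", FIXED), ("sanitized", SANITIZED)]:
        print(label, find_injections(code))
```

The toy is flow-insensitive within a function and has no notion of calls across functions or files; a production engine such as the one the answer refers to models interprocedural flow and per-sink rules for what counts as a sanitizer, which is what makes it more than a grep for `execute(`.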