Sonar Community - Enterprise edition query

SonarQube Server / Community Build
,
1

As-Is I’m using Sonar 9.9 LTS . However, I got some queries when I was going to
Download | SonarQube to understand latest

  1. Community Edition says “Detect Bugs & basic Vulnerabilities” and Developer Edition says “Detection of advanced vulnerabilities including Injection Flaws”. I was going to multiple docs in sonar and could not find the difference between what is categorized as basic vs what is advanced. I believe it is a set of rules that may not be available. However, what rules are they? Examples?

  2. " deeper SAST" - Is it applicable for all editions including community?

  3. Compute engine performance - It says it may impact accuracy. What exactly is impacted?

Requested mandatory Info

  • 9.9 LTS
  • .zip
  • understanding differences between editions and why EE
  • Read docs

Thanks for clarification

2

Hi,

The ‘advanced’ vulnerabilities are those detected with taint analysis, which follows user input from its source, all the way through the program - across methods and classes - to where it’s used. ‘Basic’ vulnerabilities are those that can be detected just within the method (or sometimes the class) context.

Nope. Commercial editions only.

Per the docs you linked (emphasis mine),

may impact the accuracy of issue tracking between branches.

I believe this is about understanding what branch an issue started in, and probably which branch’s status (Open vs False Positive or Won't Fix) is authoritative. More here.

 
HTH,
Ann