SonarCloud - Pen Testing and Cost Questions

Daniel_w · June 11, 2021, 3:38pm

Hello! I’m doing some research into SonarCloud and have a few questions.

Does SonarCloud provide a service to do penetration testing on our applications?
In my analyses, I exclude my tests using sonar.exclusions, but also include them in coverage using sonar.tests and sonar.test.inclusions. Would these test files count toward my LOC when determining which tier of SonarCloud I need to purchase?

Thank you

Alexandre_Gigleux · June 11, 2021, 6:20pm

Hello,

Welcome to the SonarCloud community!

SonarCloud does only SAST, so static analysis of your code. SonarCloud doesn’t provide any pentest services.
The price is based on the LOC (Line of Code) metric which is computed based on your main files. Test files are not counted in your LOCs. Still, we raise test specific issues on them … for free.

Alex

Daniel_w · June 11, 2021, 9:25pm

Thanks so much! This was very helpful. As a follow-up: I’m assuming pentests are not offered with SonarQube (the self-hosted version) either, is that correct?

Clint.Cameron · June 14, 2021, 1:09pm

Daniel,

That is correct. SonarQube does not provide pentest services. Thanks!

Clint

system · June 21, 2021, 1:10pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Conduct Pentest to Sonarcloud SonarQube Cloud security	2	556	September 4, 2020
Analysis completed but Missing LOC, Duplications, Coverage SonarQube Cloud csharp , scanner , coverage , sonarqube-cloud	7	927	July 6, 2022
Typescript Test Code consuming Lines of Code (LOC) SonarQube Cloud dotnet	8	782	June 5, 2023
SonarCloud is charging LOC lines in a month even thought it has not being used SonarQube Cloud sonarqube-cloud	2	439	May 12, 2022
SonarCloud: "uncovered code" despite tests not being set SonarQube Cloud coverage	2	223	January 16, 2024

SonarCloud - Pen Testing and Cost Questions

Related topics