SonarCloud Security Risk Assessment


Recently we finished our proof of concept regarding the Sonar ecosystem and how it could improve code quality in our software projects. The result was that we think it’s really useful and that we would like to implement it in our development process. For maintenance reasons and since we already use Azure DevOps, we would prefer to use SonarCloud.

However, since we’re a big German corporation, it is not that easy to use a cloud service… I have a huge checklist of questions regarding organization and compliance, human resources security, physical environment security,… you get the idea. Who can answer me all of those questions?

Since we’re probably not the only corporation (especially a German one) running into this problem, I thought it might be useful if you could share this information here.



Hello Robin,

Thank you for your interest in SonarCloud, I’m glad your POC went well.
You may be pleased to know that you are not alone and it is not just Germany. We do receive these requests occasionally from all over the world.

While we understand the needs of our customers and the importance of their strong compliance processes, SonarCloud is really designed to be self-service and this is one way we maintain great value for our customers. So we are not resourced yet for this level of due diligence but we may be in the future.

We take security very seriously and we find that most customers can make a decision on the risks posed to their organisation by reviewing our security and privacy statements: and Please read the terms as well:

And to provide for those companies who are not in a position to adopt a cloud solution, we have SonarQube.

Please can you send your request and questionnaire through the contact form at for review.

Kind regards,


Hey Mark,

thank you for your reply.
Am I just too stupid to find the attachment button in the contact form or isn’t there any?


No, you are correct, it will need to be attached in further conversation.
Kind regards,
