We are considering purchasing SonarCloud’s services for our organization, but have some questions about the security policy that are not answered on the posted security statement 4. Any information would be greatly appreciated:
- Are the security levels in 14 day free trial and full paid version same?
- Is our source code accessible to any third party that you are engaged with for any services like penetration testing? If yes, then how to your ensure that our data and source code is safe and secure?
- Is our source code read only?
- How long do you retain our information/source code once the scan is performed? What is your disposal mechanism?
Thanks in advance,