I have the questions below regarding the SonarQube commercial edition.
- How does the scanner detect vulnerabilities in ERP modules or business-critical logic?
- How often is the vulnerability ruleset updated?
- Can it analyse third-party/open-source libraries for known vulnerabilities (SBOM, CVEs)?
- How does it handle mobile code analysis for Android/iOS apps?
- Does it scan for insecure data storage and insecure network communication?
- Can we export reports that map to compliance standards (e.g., ISO 27001, PCI-DSS)?
- How are false positives handled or suppressed?
- Is there role-based access to restrict who can view or resolve issues?
- What support options are available (SLA, response times)?
- Does it offer multi-tenancy if we have dev/test/prod environments?
Please help me understand the capabilities of SonarQube Server. Thanks in advance.