SonarQube - Community edition - Security Compliance

Hello,

We are using SonarQube in our Production AWS pipeline.
Edition - Community
Version - 8.9 LTS

Does the above edition & version of SonarQube cover the security compliance requirement below?

“Implement secure coding practice consistent with industry standards and best practices for new development activities, including without limitation, the Security Considerations in the System Development Life Cycle (SDLC) published by the National Institute of Standards and Technology, the U.S. Department of Commerce; ISO/IEC 27034 Information technology – Security techniques – Applications security, published by the International Organization for Standardization and Security by Design from Cyber Security Agency of Singapore throughout the SDLC.”

Thanks
SonarQube User
TechMahindra

Hello,

I’m not familiar with the specifics of those standards, so it’s difficult for me to respond specifically.

I can say that the use of SonarQube can help you address

I can also say that if security is a consideration, you should upgrade from Community Edition to at least Developer Edition ($), which includes taint analysis rules. Additionally, you should consider using Latest (currently 9.3) rather than the LTS, because security improvements are released with nearly every version.

HTH,
Ann