SonarQube - Community edition - Security Compliance


We are using SonarQube in our Production AWS pipeline.
Edition - Community
version - 8.9 LTS

does this above edition & version of SonarQube covers below security compliance

“Implement secure coding practice consistent with industry standards and best practices for new development activities, including without limitation, the Security Considerations in the System Development Life Cycle (SDLC) published by the National Institute of Standards and Technology, the U.S. Department of Commerce; ISO/IEC 27034 Information technology – Security techniques – Applications security, published by the International Organization for Standardization and Security by Design from Cyber Security Agency of Singapore throughout the SDLC.”

SonarQube User


I’m not familiar with the specifics of those standards so it’s difficult for me to respond specifically.

I can say that the use of SonarQube can help you address

I can also say that if security is a consideration, you should upgrade from Community Edition to at least Developer Edition($) which includes taint analysis rules. Additionally, you should consider using Latest (currently 9.3) rather than the LTS because security improvements are released with nearly every version.