SonarQube Community vs. Developer Edition Security Scan

Hello SonarQube Community!

I have a question regarding security scanning between SonarQube Community Edition and Developer Edition:

  1. How do security scanning features differ between SonarQube Community and Developer Editions?
  2. Could you clarify the specific vulnerabilities covered in Developer Edition but not in Community Edition?
  3. What are the key distinctions in detecting Bugs and Basic Vulnerabilities between the two editions?
  4. How effective is Community Edition in identifying general security issues?
  5. What advanced vulnerability detection features, especially for Injection Flaws, does Developer Edition offer?
  6. In the comparative analysis of Injection Flaw detection, what methodologies, effectiveness, and specific types are identified?

Thank you in advance for your assistance!

Hey there.

I won’t go question by question – but Developer Edition (and above) of SonarQube offers these rules tagged #injection on rules.sonarsource.com (this link is for Java, but applies to any of the other languages that Developer Edition supports).

Community Edition supports those Vulnerability rules not tagged #injection.