SonarQube Enterprise Edition vs Developer Edition w.r.t. security

We use SonarQube 10.5 Developer Edition with Maven Sonar Scanner version 3.9.1.2184.
We are trying to compare how effective sonar is w.r.t. identifying security issues compared to other tools like Snyk.
We recently upgraded from version 9.9 to 10.5 to check for the latest enhancements in detecting security issues but haven’t seen any major change. I have a few questions:

  1. Is Sonar Deeper SAST the same as the default Security Hotspot detection in SonarQube? I don’t see any option to enable Deeper SAST, but this article kind of suggests that it is a different thing entirely.

  2. Does upgrading to the Enterprise Edition give better Security Hotspot analysis? I only see reporting added as a feature. Other than that, does it change the analysis?

Hi,

Welcome to the community!

The same rules and level of detection are available in both Developer Edition ($) and Enterprise Edition ($$).

Deeper SAST is just part of it. Nothing for you to enable.

HTH,
Ann
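A way to check the rule-parity claim above on your own servers, as an added example that is not part of this thread and not SonarSource code: it inventories the VULNERABILITY and SECURITY_HOTSPOT rules a server exposes for one language through the `GET /api/rules/search` Web API endpoint (parameters `languages`, `types`, `ps`, `p`), and diffs two inventories. Running it against a 9.9 and a 10.5 instance, or a Developer and an Enterprise instance, shows which rule keys are present on one and not the other. The environment variables `SONAR_HOST_URL` and `SONAR_TOKEN` are assumed names, and `SAMPLE_PAYLOAD` is a constructed response so the script runs offline.

```python
"""Inventory the security rules a SonarQube server exposes for one language.

Added example; not from the forum thread or from SonarSource. Assumes the
(hypothetical) env vars SONAR_HOST_URL and SONAR_TOKEN and the Web API endpoint
GET /api/rules/search with the languages, types, ps and p parameters.
SAMPLE_PAYLOAD is a constructed response used when no server is configured.
"""
import base64
import functools
import json
import os
import urllib.parse
import urllib.request
from collections import defaultdict

SECURITY_TYPES = ("VULNERABILITY", "SECURITY_HOTSPOT")
PAGE_SIZE = 500  # the endpoint caps ps at 500, so larger rule sets need paging

# Constructed sample payload shaped like one page of /api/rules/search.
SAMPLE_PAYLOAD = {
    "total": 4,
    "p": 1,
    "ps": PAGE_SIZE,
    "rules": [
        {"key": "java:S2076", "type": "VULNERABILITY", "lang": "java"},
        {"key": "java:S3649", "type": "VULNERABILITY", "lang": "java"},
        {"key": "java:S2245", "type": "SECURITY_HOTSPOT", "lang": "java"},
        {"key": "java:S4790", "type": "SECURITY_HOTSPOT", "lang": "java"},
    ],
}


def fetch_rules_page(host, token, language, types, page):
    """GET one page of /api/rules/search, authenticating with a user token."""
    query = urllib.parse.urlencode({
        "languages": language,
        "types": ",".join(types),
        "ps": PAGE_SIZE,
        "p": page,
    })
    req = urllib.request.Request(f"{host.rstrip('/')}/api/rules/search?{query}")
    # SonarQube accepts a user token as the basic-auth username with an empty password.
    creds = base64.b64encode(f"{token}:".encode()).decode()
    req.add_header("Authorization", f"Basic {creds}")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def iter_pages(fetch_page):
    """Yield every page from fetch_page(page_number); stops when page*ps covers total."""
    page = 1
    while True:
        payload = fetch_page(page)
        yield payload
        if page * PAGE_SIZE >= payload["total"]:
            return
        page += 1


def collect_rules(pages):
    """Flatten an iterable of /api/rules/search payloads into one list of rules."""
    rules = []
    for payload in pages:
        rules.extend(payload["rules"])
    return rules


def keys_by_type(rules):
    """Group rule keys by rule type, each list sorted for stable diffs."""
    grouped = defaultdict(list)
    for rule in rules:
        grouped[rule["type"]].append(rule["key"])
    return {rule_type: sorted(keys) for rule_type, keys in grouped.items()}


def diff_rule_sets(before, after):
    """Return (added, removed) rule keys between two keys_by_type() inventories.

    Two servers with identical rule sets give ([], []) in both directions.
    """
    before_keys = {key for keys in before.values() for key in keys}
    after_keys = {key for keys in after.values() for key in keys}
    return sorted(after_keys - before_keys), sorted(before_keys - after_keys)


def inventory(host, token, language):
    """Full inventory of security rules for a language on a live server."""
    fetch = functools.partial(fetch_rules_page, host, token, language, SECURITY_TYPES)
    return keys_by_type(collect_rules(iter_pages(fetch)))


if __name__ == "__main__":
    host, token = os.environ.get("SONAR_HOST_URL"), os.environ.get("SONAR_TOKEN")
    if host and token:
        grouped = inventory(host, token, "java")
    else:
        grouped = keys_by_type(collect_rules([SAMPLE_PAYLOAD]))  # offline demo
    for rule_type, keys in grouped.items():
        print(f"{rule_type}: {len(keys)} rules")
```

Save the JSON output of `keys_by_type` from each server and feed both into `diff_rule_sets`; an empty result in both directions confirms the two instances ship the same security rule keys, while a non-empty one lists exactly what differs. Note that this compares rules the server exposes, not rules activated in a quality profile, so also check the profile your project actually uses.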
