Hello everyone,
Thank you to all who attended the session. Below are the questions that were asked during our webinar:
Q: Regarding portfolios, can a code project be part of multiple portfolios simultaneously, supporting different drill-downs, e.g. by language, department, etc.?
A: If you have one portfolio that contains any sub-portfolios, that project can only show up in one sub-portfolio. We do that to make sure that projects don’t get double-counted. However, when you create multiple portfolios on a SonarQube instance, they are completely separate, so you could have one portfolio specifically focused on language and another one as a drill-down for your organizational hierarchy. In that case, the project can exist in both, but remember that your project can’t exist twice within the same portfolio structure.
Q: Can Sonar run in a FIPS compliant environment?
A: As of now, no, but it will be the case very soon with the release of SonarQube 10.6.
Q: Does SonarQube Enterprise Edition support STIG reporting?
A: We don’t today, but this is something we are actively working on for a future release. We currently have some comprehensive security reports, however, that cover multiple security standards like OWASP and CWE.
Q: What’s the difference between SonarQube Enterprise Edition and Data Center Edition?
A: Data Center Edition includes everything that is available in Enterprise Edition, but it also allows you to run SonarQube in a clustered configuration. That way, you are more resistant to unplanned downtime, because if something happens to one node of your instance, it hasn’t taken down all the nodes. You can also scale the number of compute engine workers, whereas you are limited to a maximum of 10 with the Enterprise Edition. This becomes crucial when you reach hundreds of millions of lines of code being analyzed: it prevents your developer organization from being stuck if something happens to your SonarQube instance.