Which third-party open-source libraries are covered by "deeper SAST"?

Is there any info which third-party open-source libraries will be covered by the new “Deeper SAST” feature? And which programming languages. Are there certain criteria for a library to be covered? How timely is this planned to updated when new relevant libraries appear or new versions of covered libraries are published?

Hello @Bernd_F,

Welcome to the Sonar community!

DeeperSAST supports Java and C# and we want to extend it to Python and JS/TS in the future.

It’s impossible to list the libraries that are supported. For Java, we took the top 1000 most used libraries, and for the C#, the top 100. Soon, we will experiment and measure the impact of supporting the top 2K libraries for Java.

DeeperSAST internal database is refreshed every 2 months in sync with SonarQube releases.