Is there any info on which third-party open-source libraries will be covered by the new “Deeper SAST” feature? And which programming languages? Are there certain criteria for a library to be covered? How timely is this planned to be updated when new relevant libraries appear or new versions of covered libraries are published?
Hello @Bernd_F,
Welcome to the Sonar community!
DeeperSAST supports Java and C# and we want to extend it to Python and JS/TS in the future.
It’s impossible to list the libraries that are supported. For Java, we took the top 1000 most used libraries, and for C#, the top 100. Soon, we will experiment and measure the impact of supporting the top 2K libraries for Java.
DeeperSAST's internal database is refreshed every 2 months in sync with SonarQube releases.
Alex