SONAR

SonarQube Advanced Security Addendum

Last Updated August 12, 2025

This Addendum governs Customer’s installation and use of SonarQube Advanced Security (“SQAS”) and related Support. This Addendum is incorporated by reference into, and forms an integral part of, the Agreement between SonarSource and Customer. All capitalized terms used herein but not otherwise defined shall have the meanings given to them in the Agreement. 

1. DEFINITIONS

1.1 “Addendum” means this SQAS Addendum.

1.2 “Agreement” means the relevant SonarQube Server Terms and Conditions or the SonarQube Cloud Terms of Service, as applicable, between Customer and SonarSource.

1.3 "Authorized Use" means Customer's use of a Sonar Offering in compliance with the terms and conditions of the Agreement, including any associated payment requirements. 

1.4 “Dependency Data” means lockfiles, manifests, and any other metadata regarding third-party software dependencies, made available by Customer for the purpose of analyzing software dependencies and components. 

1.5 “SQAS License” means a separate, supplementary license granted to Customer to use SQAS solely in conjunction with an approved Sonar Offering. The SQAS License cannot operate independently of the corresponding permissions granted by the Agreement for the associated Sonar Offering.

1.6 “Security Analysis Results” means the results that are generated by SQAS processing Dependency Data, and made available to Customer via SQAS.

1.7 “Sonar Offering” means the Product (as defined in the SonarQube Server Terms and Conditions) or the Service (as defined in the SonarQube Cloud Terms of Service), as applicable.

2. INTELLECTUAL PROPERTY

2.1 Subject to the terms, conditions, and limitations of the Agreement and this Addendum, SonarSource grants Customer a worldwide, non-exclusive, non-transferable, non-sublicensable and revocable SQAS License: (i) for the use of SQAS together with the Authorized Use of the Sonar Offering; and (ii) to access, use, and distribute the Security Analysis Results and Documentation for Customer’s own internal software development purposes. The SQAS License is limited to the usage tier and term set forth in the applicable sales documents. 

2.2 As between the Customer and SonarSource, all right, title, and interest in and to Dependency Data, including all Intellectual Property rights therein, belong exclusively to Customer. Customer grants to SonarSource the right to internally use such data for the purpose of providing the Customer with SQAS, Documentation, and Security Analysis Results. 

2.3 Except for the limited license rights expressly granted by SonarSource to Customer in Section 2.1 above, all right, title, and interest in and to SQAS, Documentation, and Security Analysis Results, including all Intellectual Property rights therein, belong exclusively to SonarSource and/or its licensors. All rights not expressly granted under this Addendum are reserved by SonarSource. Customer undertakes to comply with and not to challenge or misuse any of SonarSource’s Intellectual Property rights.

2.4 SonarSource is hereby granted a royalty-free, fully-paid, worldwide, exclusive, transferable, sub-licensable, irrevocable, and perpetual license to use or incorporate into its products and services any suggestions, enhancement requests, recommendations, or other feedback provided by you relating to SQAS or Documentation. 

3. CUSTOMER’S OBLIGATIONS 

All terms and conditions applicable to the use of the Sonar Offering under the Agreement apply to Customer's use of SQAS.

4. CUSTOMER AND PERSONAL INFORMATION 

4.1 SQAS transmits Dependency Data to SonarSource’s cloud servers for analysis, but does not transmit Customer’s source code. SonarSource has implemented physical, administrative, organizational, and technical information security measures to protect the security of Dependency Data.

4.2 By design, Dependency Data does not include Personal Data. However, if Customer includes Personal Data within the Dependency Data, SonarSource disclaims all liability.

4.3 SonarSource shall implement the appropriate technical and organizational measures to secure the Dependency Data described in Schedule 3 of the Data Processing Addendum available at sonarsource.com/legal/data-processing-addendum/.

5. SUPPORT AND SERVICE LEVEL COMMITMENT

If Customer purchased Support or is otherwise entitled to receive Support, SonarSource will provide Support for SQAS in accordance with the Agreement. SonarSource will provide SQAS’s network-dependent functionalities in accordance with the applicable Service Level Agreement.

6. MODIFICATION TO THE SERVICE

SonarSource may make commercially reasonable updates or modifications to SQAS from time to time to reflect changes in, among other things, laws, regulations, rules, technology, industry practices, patterns of system use, and availability of a third-party program. SonarSource will provide advance notice of any such material updates or modifications that it reasonably believes are likely to materially degrade core features or functionalities of SQAS. 

7. GENERAL 

Except as modified by this Addendum, the Agreement remains in full force and effect. SonarSource may modify this Addendum from time to time. SonarSource will notify Customer of any material modifications to this Addendum at least thirty (30) days prior to such modifications taking effect, either by posting a notice on the Website or by sending an email notice to Customer. Customer’s continued use of SQAS and/or Support after thirty (30) days from such notice will constitute Customer’s acceptance of the modifications to this Addendum. In the event of any conflict between the terms of this Addendum and the Agreement, the terms of this Addendum shall prevail in connection with SQAS.



© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.