Configuring SonarQube Advanced Security

Time to complete: 45 minutes

Overview

This course guides administrators through enabling and configuring SonarQube Advanced Security, which extends SonarQube's features to include Advanced SAST and Software Composition Analysis (SCA) functionality. You'll learn how to customize the solution to manage dependency risks, security vulnerabilities, and prohibited licenses in your third-party code.

Learning objectives

After completing this course, you’ll be able to:

  • Enable SCA functionality for SonarQube Advanced Security.
  • Configure an SCA license profile.
  • Run a test scan to view your dependency risks.
  • Configure a quality gate profile for dependency risks.
  • Interpret your dependency risk results.

Key topics

  • Enabling SonarQube Advanced Security
  • Creating and customizing a license profile
  • Verifying SCA is enabled
  • Configuring a quality gate for dependency risks
  • Generating a Software Bill of Materials (SBOM)
  • Resources and best practices

Target audience

  • Administrators
  • DevOps engineers

Prerequisites

  • SonarQube Advanced Security license
  • Administration permissions in SonarQube
  • Required languages for dependency analysis
  • Java 17 or later to run SonarScanner
  • Network connectivity
  • Knowledge of SonarQube is recommended