SONARQUBE ADD-ON

Advanced Security

Developer-first security for your first-party, AI-generated, and open source code, powered by advanced SAST and integrated SCA

Image shows filtering of dependency risks in SonarQube

TRUSTED BY OVER 7M DEVELOPERS AND 400K ORGANIZATIONS

Mercedes Benz
Nvidia
U.S. Army
Santander
Costco

SonarQube core security

SAST

Detect code vulnerabilities, early in development

Taint analysis

Cross-file data flow analysis to prevent injection attacks

IaC scanning

Secure cloud infrastructure configurations

Secrets detection

Prevent exposure of credentials, tokens, and keys

ADD-ON

Advanced Security

Requires SonarQube Server 2025.3 Enterprise or higher

Advanced SAST

Extends taint analysis to dependencies to uncover complex vulnerabilities:

  • Dependency-aware data flow analysis
  • Uncovers vulnerabilities others miss
  • Fast and accurate 

SCA

Comprehensive open-source risk & compliance management

  • Vulnerability detection
  • License management
  • SBOM (Software Bill of Materials)

ADVANCED SAST

Deeper taint analysis

Dependency-aware taint analysis to find hidden security flaws 

  • Analyze your code's interactions with third-party libraries
  • No configuration required
  • No performance overhead
  • Supports Java, C#, JavaScript, TypeScript

Ecosystem support

  • Java
  • Kotlin
  • Scala
  • JavaScript
  • TypeScript
  • C#
  • Python
  • Go
  • Rust
  • Ruby

SonarQube security reports

Comprehensive reporting for all security issues in all code

Actionable insights

Detailed code security findings with severity, trends, and remediation guidance

Rich dashboards

Visualize quality and security trends and KPIs in unified dashboards

Compliance reports

Generate security reports for OWASP Top 10, CWE, PCI DSS, STIG, and more

Scheduled reports

Automate report delivery on daily, weekly, or monthly schedules

Integrated code quality and code security

SonarQube is an integrated code quality and security analysis platform that provides actionable intelligence to help build better software, faster.

Elevate code quality standards

Deliver robust, reliable, and maintainable code with fast, accurate analysis across all code

Core security: foundation for secure code

Includes SAST, taint analysis, secrets detection, IaC scanning for first-party and AI-generated code

Advanced Security add-on

Advanced Security extends to open-source code with advanced SAST and Software Composition Analysis (SCA)
