Advanced Security
Developer-first security for your first-party, AI-generated, and open source code, powered by advanced SAST and integrated SCA

SonarQube core security
SAST
Detect code vulnerabilities, early in development
Taint analysis
Cross-file data flow analysis to prevent injection attacks
IaC scanning
Secure cloud infrastructure configurations
Secrets detection
Prevent exposure of credentials, tokens, and keys
We know code
Trusted by over 7M developers and 400K organizations
Ecosystem support
Advanced Security
Requires SonarQube Cloud or Server 2025 Release 3 Enterprise or higher
SonarQube security reports
Comprehensive reporting for all security issues in all code
Actionable insights
Detailed code security findings with severity, trends, and remediation guidance
Rich dashboards
Visualize quality and security trends and KPIs in unified dashboards
Compliance reports
Generate security reports for OWASP Top 10, CWE, PCI DSS, STIG, and more
Scheduled reports
Automate report delivery on daily, weekly, or monthly schedules
Integrated code quality and code security
SonarQube is an integrated code quality and security analysis platform that provides actionable intelligence to help build better software, faster.
Elevate code quality standards
Deliver robust, reliable, and maintainable code with fast, accurate analysis across all code
Core security: foundation for secure code
Includes SAST, taint analysis, secrets detection, and IaC scanning for first-party and AI-generated code
Advanced Security
Advanced Security extends to open source code with advanced SAST and Software Composition Analysis (SCA)