Announcing Advanced Security for SonarQube Cloud Team plan

Blog post from Sonar

Post Details

Company:
Date Published:
Author: Satinder Khasriya
Word Count: 823
Company Posts That Month: 21
Language: English
Hacker News Points: -
Summary

SonarQube Advanced Security has been extended to the SonarQube Cloud Team plan, offering built-in dependency risk analysis, software composition analysis (SCA), and malware detection to enhance protection against software supply chain threats, which have recently targeted tools like Axios and Trivy. This feature integrates seamlessly into existing developer workflows and IDEs, allowing teams to identify vulnerable public packages, track license visibility, and enforce secure code standards before merging repository branches. With the same quality gates and IDE integration already used for code quality, developers can now also address dependency vulnerabilities, reducing risk and maintaining code security without the need for separate security tools. The introduction of these capabilities allows small and mid-sized teams, often lacking dedicated AppSec functions, to manage supply chain risks effectively and ensures they can ship software with greater confidence.