Announcing Advanced Security for SonarQube Cloud Team plan
Blog post from Sonar
SonarQube Advanced Security has been extended to the SonarQube Cloud Team plan, adding built-in dependency risk analysis, software composition analysis (SCA), and malware detection to strengthen protection against software supply chain threats, which have recently targeted tools such as Axios and Trivy. The feature integrates into existing developer workflows and IDEs, allowing teams to identify vulnerable public packages, gain visibility into dependency licenses, and enforce secure code standards before repository branches are merged. Using the same quality gates and IDE integration already in place for code quality, developers can now also address dependency vulnerabilities, reducing risk and maintaining code security without a separate security tool. These capabilities allow small and mid-sized teams, which often lack a dedicated AppSec function, to manage supply chain risk effectively and ship software with greater confidence.