SonarQube Features

Application Programming Interface Specification for how the application communicates with other software. APIs typically enable integration of data, logic, objects, etc. with other software applications.

Provides the ability to extend the platform to include additional features and functionalities

Tools to visualize and analyze data.

Track issues as vulnerabilities are discovered. Documents activity throughout the resolution process.

Examines application source code for security flaws without executing it.

Scans application source code for security flaws without executing it.

Allows users to access a terminal host system and input command sequences.

Allows users to perfrom hands-on live simulations and penetration tests.

Runs pre-scripted security tests without requiring manual work.

Allows users to test applications for specific compliance requirements.

Scans functional applications externally for vulnerabilities like SQL injection or XSS.

The rate at which scans accurately detect all vulnerabilities associated with the target.

The rate at which scans falsely indicate detection of a vulnerability when no vulnerabilitiy legitimately exists.

Provide insights into why trends are occurring and what issues could be related.

Integrate with manual and automated testing tools to increase bottleneck and problem identification.

Integrate with one or more code repositories.

Analyze historical data to highlight trends, statistics, and KPIs.

Follow assigned tasks across the development team to find quick turnarounds and bottlenecks.

Give users in-app method of reporting bugs and leaving general performance feedback.

Give testers in-app method of reporting bugs and leaving general performance feedback.

Give team members method of reporting bugs and leaving comments on bug status.

Provide reproducible, insightful info surrounding bug and crash scenarios.

Track history of bug status by application version, date, etc.

Store bug tracking data for an appropriate and useful amount of time.

Supports a useful and wide variety of programming languages.

Integrates seamlessly with the build environment and development tools like repositories, package managers, etc.

Grants comprehensive user-friendly insight into all open source components.

Provides relevant and helpful suggestions for vulnerability remediation upon detection.

Monitors open source components proactively and continuously.

Comprehensively identifies all open source version updates, vulnerabilities, and compliance issues.

Provides thorough, actionable feedback regarding security vulnerabilities, or allows collaborators to do the same.

Prioritizes detected vulnerabilities by potential risk, or allows collaborators to do the same.

Provides suggestions for remediating vulnerable code, or allows collaborators to do the same.

Does not falsely indicate vulnerable code when no vulnerabilitiy legitimately exists.

Allows users to set custom code standards to meet specific compliances.

Detects vulnerabilities at a rate suitable to maintain security, or allows collaborators to do the same.

Identifies, tracks, and remediates vulnerabilities

Ensures compliance with industry standards and regulations

Ensures mechanisms are in place for enforcing security policies across applications

Integrates with existing development and DevOps tools

Includes tools for analyzing trends in security incidents and vulnerabilities over time

Assigns scores to vulnerabilities based on their potential impact, helping prioritize remediation efforts

Provides customizable dashboards that present real-time data on vulnerabilities, risks, and compliance status

Supports relevant SBOM formats such as cycloneDX and SPDX.

Provides robust, industry standard SBOM annotation functionality.

Generates thorough evidence of compliance including component relationships, licenses, and more.

Automatically and continuously monitors components to alert users of noncompliant elements.

Presents a transparent and easy to use dashboard for performing SBOM management.

Includes controls for role-based access permissions.

Generates reports to demonstrate AI compliance with local and international frameworks.

Helps AI systems to comply with the regulations.

Monitors AI models for anomalies continuously.

Restricts access to AI models and sensitive data to authorized users.

Improves performance based on feedback and experience

Engages in human-like conversation for task delegation

Anticipates needs and offers suggestions without prompting

Improves performance based on feedback and experience

Engages in human-like conversation for task delegation

Anticipates needs and offers suggestions without prompting

Capability to perform complex tasks without constant human input

Capability to perform complex tasks without constant human input

Ability to break down and plan multi-step processes

Works across multiple software systems or databases

Improves performance based on feedback and experience

Engages in human-like conversation for task delegation

Makes informed choices based on available data and objectives

Capability to perform complex tasks without constant human input

Ability to break down and plan multi-step processes

Automatically remediates or suggests remediation that meets internal and external code security best practices.

Automatically detects all security flaws in code as it's being written.

Does not flag false positives.

Integrates with existing security tools to fully contextualize remediation suggestions.

Seamlessly integrates into developers' existing workflows and environments to provide code security assistance.

Considers the entire codebase to detect existing and emerging security flaws.