Advanced Security

Exciting news! SonarQube has launched its Advanced Security offering, which builds upon the core code security features (such as SAST, taint analysis, secrets detection, and IaC scanning) by adding Software Composition Analysis (SCA) and advanced SAST. This new offering extends SonarQube's capabilities to provide end-to-end integrated code security and quality management.


Through its acquisition of Tidelift, Sonar is enhancing its security capabilities by extending coverage to open-source software, which constitutes over 90% of modern software. Maintainers of thousands of the most popular open-source packages are compensated by Tidelift to implement industry-leading secure software development practices and document the practices they follow. This combined solution ensures a comprehensive approach to managing software supply chain risks and improving code quality.

Benefits include:

  • End-to-end security: Secure your entire codebase, including first-party, third-party, and AI-generated code.
  • Reduced costs: By addressing vulnerabilities early in the SDLC, teams reduce remediation costs and improve time to market.
  • Streamlined workflows: Integrates seamlessly into your existing development processes, saving developers time and effort.
  • Improved productivity: Reduces vulnerability fire drills from insecure or undermaintained packages.
  • Increased operational efficiency: Saves costly manual package evaluation time.


This ensures a comprehensive approach to managing software supply chain risks and improving code quality. Grab some time with our team and we’ll show you how it works!


USED AND LOVED BY 7 MILLION DEVELOPERS & 400,000+ ORGANIZATIONS