Can SonarQube be used for SAST for a dot net core version 3.2 application?

Question

For a dot net core 3.2 application, can we use SonarQube for Static Application Security Testing (SAST)? If not, then what could be the alternatives. I am from the Java background and I am aware that plugins like FindSecBugs can be used with SonarQube for Java source code.

Thanks.

Answer 1

SonarQube does SAST for a number of languages, including C# and Java.

Links to the security-related rules for C#: Vulnerabilities and Security Hotspots.

Other useful links:

• https://docs.sonarqube.org/latest/user-guide/security-rules/
• https://www.sonarqube.org/features/security/