
SonarCloud SAST Scan

Introduction

SonarCloud is a cloud-based SAST tool that scans source code for vulnerabilities. It is a paid service that is free for open source projects, and also free for private projects up to a limit of 100,000 lines of code.

Prerequisites

  • A SonarCloud account
  • A GitHub account
  • A GitHub repository with code to scan

Steps

Create a SonarCloud account

  1. Go to SonarCloud and click on the Sign Up button.
  2. Sign up using your GitHub account.
  3. Click on the + button to create a new organization.
  4. Enter a name for the organization and click on the Create organization button.
  5. Click on the + button to create a new project.
  6. Select the GitHub repository to scan and click on the Set Up button.
  7. Select the language of the code in the repository and click on the Set Up button.
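Once the project exists in SonarCloud, the scan itself is normally triggered from the repository's CI. The workflow below is an added example, not part of the original page or SonarSource's own documentation: it runs the SonarCloud scanner from GitHub Actions on every push and pull request. The organization key `my-org`, the project key `my-org_my-repo`, the `SONAR_TOKEN` secret name and the action name `SonarSource/sonarcloud-github-action` are assumptions; replace them with the values SonarCloud shows for your own project.

```yaml
# .github/workflows/sonarcloud.yml (added example; names below are assumed)
name: SonarCloud SAST scan

on:
  push:
    branches: [main]
  pull_request:
    types: [opened, synchronize, reopened]

# Least-privilege token: the scanner only needs to read the repository and
# pull-request metadata; it never writes back to the repo from this job.
permissions:
  contents: read
  pull-requests: read

jobs:
  sonarcloud:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Shallow clones hide history; full depth lets SonarCloud attribute
          # new code correctly and report only issues introduced in this change.
          fetch-depth: 0

      - name: Run SonarCloud analysis
        uses: SonarSource/sonarcloud-github-action@master  # assumed action name
        env:
          # GITHUB_TOKEN is provided by Actions; SONAR_TOKEN is a SonarCloud
          # analysis token stored as a repository secret (assumed secret name).
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        with:
          # Organization and project keys as shown in the SonarCloud project
          # settings (placeholder values here).
          args: >
            -Dsonar.organization=my-org
            -Dsonar.projectKey=my-org_my-repo
            -Dsonar.sources=.
            -Dsonar.exclusions=**/node_modules/**,**/vendor/**
```

Keep `SONAR_TOKEN` as an encrypted repository secret rather than a value in the workflow file, and prefer a token scoped to analysis only; a leaked analysis token lets a third party push fabricated results into the project, so rotate it from the SonarCloud account page if it is ever exposed. The `sonar.exclusions` entry keeps third-party dependency directories out of the scan so findings stay focused on the repository's own code.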