SonarSource Advanced Security is a code security analysis platform that combines Static Application Security Testing (SAST) and Software Composition Analysis (SCA) capabilities. The platform provides security analysis for first-party code, AI-generated code, and open source dependencies. The core security features include SAST for detecting code vulnerabilities early in development, cross-file taint analysis to prevent injection attacks, Infrastructure as Code (IaC) scanning for cloud configurations, and secrets detection to prevent exposure of credentials, tokens, and keys. The Advanced Security tier extends the platform with comprehensive SCA capabilities including CVE detection in open source dependencies, license management, and Software Bill of Materials (SBOM) generation. It also includes Advanced SAST which extends taint analysis to dependencies through dependency-aware data flow analysis. The platform prioritizes vulnerabilities by severity using CVSS scores and exploitability metrics including EPSS and KEV. It provides security reporting with dashboards for visualizing trends and KPIs, compliance reports for standards like OWASP Top 10, CWE, PCI DSS, and STIG, and scheduled report delivery. SonarSource Advanced Security supports multiple programming languages including Java, Kotlin, Scala, JavaScript, TypeScript, C#, Python, Go, Rust, Ruby, and PHP. The platform is available as SonarQube Server and SonarQube Cloud, requiring Enterprise edition for Advanced Security features.