These Early Access Offering Terms (“Terms”) govern Customer’s use of SonarQube Advanced Security (“SQ Advanced Security”). By clicking “I Agree”, using SQ Advanced Security, or otherwise indicating acceptance electronically, the Customer agrees to these Terms, which are effective as of the date of acceptance. These Terms are incorporated into and form part of the SonarQube Server Terms and Conditions or any other agreement between the Customer and SonarSource governing Customer’s use of the Product (“Agreement”). Capitalized terms not defined in these Terms have the meaning set forth in the Agreement.
SQ Advanced Security helps customers improve the security of their software by detecting vulnerabilities in third-party dependencies. Its Software Composition Analysis (“SCA”) feature collects information about the third-party packages used in the Customer’s software, such as manifests and lockfiles, from the customer’s SonarQube Server Instance. This data is sent to a SonarQube server’s SCA service, where it is analyzed to evaluate security risks and compliance. For clarity, the project code stored and analyzed as part of the Customer’s SonarQube Server Instance is not sent to the SonarQube server’s SCA service. The analysis includes identifying vulnerabilities using a regularly updated security threat database, checking for license compliance, and offering recommendations for remediation. The results of this analysis are then provided to the Customer, delivering actionable insights to enhance the security and compliance of their software projects.
The Parties have entered into these Terms in reliance upon the foregoing premise and hereby agree to be bound by the following terms and conditions.
- Customer’s Use of SQ Advanced Security.
1.1. Subject to Customer’s compliance with the terms of the Agreement and these Terms, SonarSource grants Customer a limited, worldwide, nonexclusive, nontransferable license to access and use SQ Advanced Security for Customer’s own internal software development purposes.
1.2. Customer must use SQ Advanced Security in a manner consistent with the terms of the Agreement, Documentation, and these Terms.
1.3. Customer understands that it will be one of the first SonarSource customers to utilize SQ Advanced Security, and that SQ Advanced Security is explicitly identified as ‘early access’ and ‘pre-release’. Customer further understands that SQ Advanced Security is still in development, may have bugs or errors, may be feature incomplete, and may materially change during the early access period or prior to a full commercial launch.
1.4. SonarSource provides SQ Advanced Security “as is” and “as available”, without any express, implied, or statutory warranties of title, merchantability, fitness for a particular purpose, noninfringement, or any other type of warranty or guarantee. SonarSource has no obligation whatsoever to provide any bug fixes, error corrections, patches, or any revisions, successors, or updated versions to SQ Advanced Security while the ‘early access’ classification is in place.
1.5. Customer must make its own determination of whether or not to act upon any advice or recommendations made by SonarSource in relation to SQ Advanced Security. SonarSource does not warrant that the security or licensing compliance analysis provided by SQ Advanced Security is completely accurate or free from errors. Customer acknowledges and agrees that SonarSource will not be responsible or liable to Customer in the event that Customer suffers loss or damage, or incurs liability, due to its reliance on advice or recommendations made by SonarSource.
- Security.
Both Parties acknowledge and agree that security is a shared responsibility. SonarSource has implemented physical, administrative, organizational, and technical information security measures. It will maintain security practices consistent with its Trust Center, as published on the Website, including when sending the manifest and lockfile related data to the SonarQube server for analysis. Customer is solely responsible for managing and maintaining the security of its SonarQube Server Instance, including regularly checking for and installing any updates provided by SonarSource. This responsibility additionally includes, but is not limited to, safeguarding the SonarQube Server and License Key credentials, ensuring that access to such credentials is restricted to authorized personnel only, and implementing appropriate security measures to protect against unauthorized access, disclosure, alteration, or destruction of data within its SonarQube Server Instance.
- Intellectual Property.
3.1. As between the Customer and SonarSource, the Customer shall retain all right, title, and interest in and to the third-party dependency metadata (such as the manifests and lockfiles data) transmitted as part of SQ Advanced Security, including all associated Intellectual Property rights therein. The Customer hereby grants SonarSource a limited, nonexclusive right to internally use such data solely for the purpose of providing the Customer with SQ Advanced Security.
3.2. Except for the limited license rights expressly granted by SonarSource to Customer in Section 1.1 above, all right, title, and interest in and to SQ Advanced Security, including all Intellectual Property rights therein, belong exclusively to SonarSource and/or its licensors. All rights not expressly granted under these Terms are reserved by SonarSource.
3.3. SonarSource is hereby granted a royalty-free, fully-paid, worldwide, exclusive, transferable, sublicensable, irrevocable, and perpetual license to use or incorporate into its products and services any information, data, suggestions, enhancement requests, recommendations, or other feedback provided by Customer relating to SQ Advanced Security.
- Term.
The term of these Terms will begin on the effective date and continue to apply until the first to occur of (a) SonarSource making SQ Advanced Security publicly available to all SonarSource customers; (b) SonarSource’s decision to stop offering SQ Advanced Security (which it may decide to do at any time, in its absolute discretion); and (c) Customer ceasing to use SQ Advanced Security (which it may do at any time). In the event Customer ceases use of SQ Advanced Security, Customer must notify SonarSource, and if Customer recommences using SQ Advanced Security, it will once again be bound by these Terms. If SonarSource makes SQ Advanced Security publicly available, Customer’s continuing use of SQ Advanced Security will be subject to such terms and pricing as SonarSource may specify at such time. These Terms will automatically terminate if the Agreement expires or terminates.
- General.
These Terms are subject to the Agreement. To the extent these Terms conflict with the Agreement, these Terms will prevail. Any modification to these Terms must be stated in writing and signed by the Parties. Except as modified by these Terms, the Agreement remains in full force and effect.