3rd party analysis in SonarQube advanced security

tsvetomilaignatova · February 2, 2026, 10:27am

Must-share information (formatted with Markdown):

which versions are you using (SonarQube Server / Community Build, Scanner, Plugin, and any relevant extension) SonarQube server
how is SonarQube deployed: zip, Docker, Helm
what are you trying to achieve SonaqQube analysis in AzureDevOps pipelines
what have you tried so far to achieve this task: powershell task to generate lock files to be added in the pipeline

Do not share screenshots of logs – share the text itself (bonus points for being well-formatted)!

Hello,

Can you please share the easiest way to perform third-party dependencies’ analysis in SonarQube Advanced Security if no lock files are maintained in our repository?

bill.nottingham · February 9, 2026, 5:29pm

Lockfiles are generally necessary to get correct results for transitive dependencies.

What ecosystems are your projects in?

For JavaScript, etc we recommend that you do commit your lockfiles (package-lock.json, yarn.lock, etc) to source control so they can be picked up.

For Python, we recommend using a package manager tool (one example is poetry) that uses a lockfile for the same reason.

For Java SonarQube Advanced Security will run maven and gradle commands to automatically generate a lockfile.

For C#, we recommend starting here: NuGet package restore

Topic		Replies	Views
Software compositin analysis in SonarCloud/SonarQube SonarQube Cloud sast	2	1531	March 18, 2025
SonarQube Advanced Security now available for SonarQube Cloud Sonar Updates sonarqube , security , sonarqube-cloud	0	265	September 15, 2025
Sonarcloud sca azure devops tasks SonarQube Cloud	3	44	May 29, 2025
SonarQube scan for python libraries SonarQube Server / Community Build sonarqube , python	5	1422	March 18, 2025
Looking to scan for vulnerabilities in direct/transitive dependencies from nuget and npm, possible? SonarQube Server / Community Build	2	250	May 13, 2025

3rd party analysis in SonarQube advanced security

Related topics