We are currently subscribers of the team plan on SonarQube Cloud and are looking for dependency reporting to track vulnerabilities and license compliance.
Currently, our dependencies that we would need to scan are mostly between NodeJS (PNPM) and C#.NET (NuGet).
My understanding is these features are either already available or are coming very soon. Can I get some more clarity on when the Advanced Security features will be rolling out to cloud customers, and is there any early access program if it’s not yet released?
Our target is September. At this stage, I’m not sure whether we’ll run an early access program—while we did so for SonarQube Server, for SonarQube Cloud the process largely involves transferring over the implementation.
We will release Advanced Security for SonarQube Cloud for Enterprise Editions and above on September 15, and you can read more about the customer problems we are solving here (it will mirror what we release for Server in late May). This includes support for PNPM and NuGet package managers.
We are not running a Beta/Early Access program for Cloud, but we do have some Solutions Engineering teammates that will be working with customers to begin trials as early as August 29.
If you would like to see a demo of how it works earlier, and talk about the roadmap ahead, let me know and I’ll get in touch.
