Hi,
Does sonarqube analyse nuget packages for security and license issues like whitesource bolt?
Thanks!
Hi,
Does sonarqube analyse nuget packages for security and license issues like whitesource bolt?
Thanks!
Hi,
Welcome to the community
SonarQube performs static code analysis and SAST: Static Application Security Testing. It doesn’t do SCA: Software Composition Analysis.
HTH,
Ann
Hello from the future!
We recently announced SonarQube Advanced Security, which will include SCA capabilities. While it’s not available yet, we expect general availability for SonarQube Server in May 2025, and SonarQube Cloud Enterprise shortly after.
Please see this announcement for more details.