Analysis of nuget packages in a solution

Hi,
Does sonarqube analyse nuget packages for security and license issues like whitesource bolt?

Thanks!

Hi,

Welcome to the community

SonarQube performs static code analysis and SAST: Static Application Security Testing. It doesn’t do SCA: Software Composition Analysis.

 
HTH,
Ann

Hello from the future!

We recently announced SonarQube Advanced Security, which will include SCA capabilities. While it’s not available yet, we expect general availability for SonarQube Server in May 2025, and SonarQube Cloud Enterprise shortly after.

Please see this announcement for more details.