Are libraries with known vulnerabilities (nugets, dlls) scanned and flagged as such?

boykaneykova · June 20, 2022, 12:27pm

ALM used Gitlab
CI system used Gitlab CI
Scanner command used when applicable (private details masked)
Languages of the repository - C#, XML, JS

Hello,

We’re interested in finding out if potentially vulnerable libraries (nugets, dlls) are being scanned by SonarCloud. Ideally we’re looking to understand if blacklisted libraries are being identified as a vulnerability when scanned.

Thanks!

Colin · June 20, 2022, 1:20pm

Hey there.

SonarCloud does not perform Software Component Analysis (SCA).

system · June 27, 2022, 1:21pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.