Are libraries with known vulnerabilities (nugets, dlls) scanned and flagged as such?

  • ALM used Gitlab
  • CI system used Gitlab CI
  • Scanner command used when applicable (private details masked)
  • Languages of the repository - C#, XML, JS


We’re interested in finding out if potentially vulnerable libraries (nugets, dlls) are being scanned by SonarCloud. Ideally we’re looking to understand if blacklisted libraries are being identified as a vulnerability when scanned.


Hey there.

SonarCloud does not perform Software Component Analysis (SCA).

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.