Hi, we have a couple of NuGet packages which we explicitly do not want engineers to use. Is there any way SonarCloud can be configured to flag and fail the quality gate when a certain package is referenced in a project?
If not, could the community recommend alternative ways to achieve this?
Giving the Sonar(Source) perspective – SonarCloud does not perform SCA (Software Component Analysis) – and there is no rule to prevent the use of certain NuGet packages. Tools dedicated to SCA may be able to provide you with this functionality!
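Added example, not part of the thread and not a SonarCloud feature: a CI step that fails the build when a project file declares a package on a denylist, which is the kind of check the question asks about. The package IDs, the sample project and the function names are constructed for illustration; the check sees only directly declared packages, not transitive dependencies.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed placeholder IDs (lower-case); replace with your own denylist.
BANNED = {"example.banned.package", "another.banned.package"}

# Elements that declare a package and the attributes that carry its ID:
# PackageReference (SDK-style .csproj), PackageVersion (Directory.Packages.props),
# package (legacy packages.config).
DECLARATIONS = {"PackageReference": ("Include", "Update"),
                "PackageVersion": ("Include", "Update"),
                "package": ("id",)}
PATTERNS = ("*.csproj", "*.props", "packages.config")

# Constructed sample project file, used only to demonstrate the check.
SAMPLE = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Example.Banned.Package" Version="1.0.0" />
    <PackageReference Include="Some.Allowed.Package" Version="2.0.0" />
  </ItemGroup>
</Project>"""


def banned_in_xml(xml, banned=BANNED):
    """Return the sorted banned package IDs declared in one project/packages file."""
    hits = set()
    for elem in ET.fromstring(xml).iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # drop the xmlns of old-style projects
        for attr in DECLARATIONS.get(tag, ()):
            pkg = elem.get(attr, "").strip().lower()  # NuGet IDs are case-insensitive
            if pkg in banned:
                hits.add(pkg)
    return sorted(hits)


def scan_tree(root, banned=BANNED):
    """Map each matching file under root to the banned packages it declares."""
    findings = {}
    for pattern in PATTERNS:
        for path in Path(root).rglob(pattern):
            hits = banned_in_xml(path.read_bytes(), banned)  # bytes: parser handles BOM
            if hits:
                findings[str(path)] = hits
    return findings


if __name__ == "__main__":
    found = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, pkgs in sorted(found.items()):
        print(f"{path}: banned package(s): {', '.join(pkgs)}")
    sys.exit(1 if found else 0)  # non-zero exit fails the pipeline step
```

Run it against the repository root as a pipeline step before the build; a non-zero exit code marks the step as failed.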