Can Sonarcloud help prevent black listed packages being used in projects?

Hi, we have a couple of nuget packages which we explicitly do not want engineers to use. Is there any way SonarCloud can be configured to flag and fail the quality gate, when a certain package is referenced in a project?

If not, could the community recommend alternative ways to achieve this?

Hey there.

Giving the Sonar(Source) perspective – SonarCloud does not perform SCA (Software Component Analysis) – and there is no rule to prevent the use of certain Nuget packages. Tools dedicated to SCA may be able to provide you with this functionality!