Hi, I started working on SonarQube support recently. There is a requirement where GNU-licensed libs are used in one of the software being built and need to be scanned.
Is there a way for SonarQube to scan these GNU-licensed libs that are used?
Hey there.
SonarQube does not perform SCA (Software Component Analysis), including things like checking which licenses are being used by dependencies.
Hello from the future!
We recently announced SonarQube Advanced Security, which will include SCA capabilities. While it’s not available yet, we expect general availability for SonarQube Server in May 2025, and SonarQube Cloud Enterprise shortly after.
Please see this announcement for more details.