Sonar Scanner 4.7.0.2747 what are you trying to achieve - scan the image cleanly with twistlock (or any other CVE ‘finder’) The latest version of Sonar Scanner is affected by CVE-2021-43616 which is a critical vulnerability in npm that is fixed in versions 8.10.0-r0 and higher I couldn’t find a s…

CVE-2021-43616 is sonar-scanner

Colin (Colin) May 24, 2022, 2:37pm 2

Hey there.

Thanks for the report. We don’t consider that we’re vulnerable. Nevertheless, we will remove npm from the next release.

In the future, please follow this guide on responsible vulnerability disclosure:

Topic		Replies	Views
CVE-2021-23337 in Sonarqube 8.7 SonarQube Server / Community Build sonarqube	7	1021	March 25, 2021
CVE-2023-4911 vulnerability in Sonar image SonarQube Server / Community Build security	2	1065	October 11, 2023
Sonar-scanner-vsts v5.15.0 multiple CVEs detected Plugin Development scanner	5	253	September 25, 2023
Sonar-scanner-cli Docker image vulnerabilities? SonarQube Server / Community Build sonar-scanner	10	1079	June 3, 2024
When i use sonar-cli of docker image, the scan report shows critical vulnerabilities SonarQube Server / Community Build sonarqube , scanner	3	736	November 21, 2022