I see there is an old thread but I thought I’d create a new one in light of yesterday’s discover of a supply chain attack . It would be good to be able to set a blacklist of CDN urls, so that we do not accidentally include links to cdn.polyfill.io or others.

Detecting Polyfill.io CDN references

ganncamp (G Ann Campbell) Split this topic June 27, 2024, 5:43pm 3

Topic		Replies	Views
Rule to detect external or CDN references in HTML? New rules / language support html , sonarqube , custom_rules	2	455	July 9, 2024
Why SonarQube recommends to exclude javascript libraries from the analysis SonarQube Server / Community Build sonarqube	1	2087	May 27, 2019
Evaluate the project package sources (such as NuGet/NPM) and analyse vulnerabilities New rules / language support sonarqube-cloud	0	454	February 28, 2019
External links to bug descriptions SonarQube Server / Community Build sonarqube	3	1703	July 19, 2019
Can we detect external js or css inclusion SonarQube Server / Community Build	3	274	November 4, 2022