Does SonarCloud support SCA?

Does SonarCloud support SCA or 3rd-party library vulnerability scanning? I can’t seem to find it. If not, do you know if there is a plan for that?


Welcome to the community!

SonarCloud does not support SCA, and I’m not aware of any current plans.

That said, one option would be to

  • run SCA before your SonarCloud analysis
  • convert the report to the Generic Issues format
  • include the Generic Issues report in your SonarCloud analysis.

But the details of the first two steps are out of scope for us here.
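
The conversion step from the list above, sketched as an added example that is not part of the original answer: it turns SCA findings into a Generic Issues JSON document, anchoring each finding to the manifest line that pins the package and falling back to a file-level issue for transitive dependencies. The input report shape, the `example-sca` engine id, the placeholder advisory ids and the CVSS-to-severity thresholds are all assumptions, since the thread names no SCA tool.

```python
import json

# Constructed sample input: a hypothetical SCA report and the manifest it scanned.
SAMPLE_MANIFEST = "examplelib==1.2.0\notherlib==0.9.1\n"
SAMPLE_FINDINGS = [
    {"id": "EXAMPLE-2024-0001", "package": "examplelib", "version": "1.2.0",
     "cvss": 9.8, "fixed_in": "1.2.5"},
    {"id": "EXAMPLE-2024-0002", "package": "transitivelib", "version": "3.0.0",
     "cvss": 5.3, "fixed_in": None},
]

def severity_for(cvss):
    """Map a CVSS base score to a Generic Issue severity (thresholds are an assumption)."""
    for floor, name in ((9.0, "BLOCKER"), (7.0, "CRITICAL"), (4.0, "MAJOR"), (0.1, "MINOR")):
        if cvss >= floor:
            return name
    return "INFO"

def manifest_line(manifest_text, package):
    """1-based line of an exact `name==version` pin for package, or None."""
    for number, line in enumerate(manifest_text.splitlines(), start=1):
        if line.split("==")[0].strip().lower() == package.lower():
            return number
    return None

def to_generic_issues(findings, manifest_path, manifest_text):
    """Build a Generic Issues document with one VULNERABILITY per SCA finding."""
    issues = []
    for f in findings:
        fix = f"upgrade to {f['fixed_in']}" if f.get("fixed_in") else "no fixed version listed"
        location = {
            "message": f"{f['package']} {f['version']}: {f['id']} (CVSS {f['cvss']}), {fix}",
            "filePath": manifest_path,
        }
        line = manifest_line(manifest_text, f["package"])
        if line is not None:  # transitive dependencies stay file-level issues
            location["textRange"] = {"startLine": line}
        issues.append({"engineId": "example-sca", "ruleId": f["id"],
                       "severity": severity_for(f["cvss"]), "type": "VULNERABILITY",
                       "primaryLocation": location})
    return {"issues": issues}

if __name__ == "__main__":
    report = to_generic_issues(SAMPLE_FINDINGS, "requirements.txt", SAMPLE_MANIFEST)
    print(json.dumps(report, indent=2))
```

Write the output to a file and point the analysis at it with the `sonar.externalIssuesReportPaths` property; `filePath` must refer to a file that is part of the analyzed sources.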