Does SonarCloud support SCA or 3rd party library vulnerability scan? I don’t seem to find it. If not, do you know if there is a plan for that?
Welcome to the community!
SonarCloud does not support SCA, and I’m not aware of any current plans.
That said, one option would be to
- run SCA before your SonarCloud analysis
- convert the report to the Generic Issues format
- include the Generic Issues report in your SonarCloud analysis.
But the details of the first two steps are out of scope for us here.
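A sketch of the conversion step from the list above, added here as an example; it is not part of the original reply and not SonarSource code. The input finding shape (`advisory`, `package`, `version`, `fixed_in`, `severity`, `manifest`, `line`), the engine id and the advisory ids are hypothetical; the output uses the Generic Issue fields `engineId`, `ruleId`, `type`, `severity` and `primaryLocation`.

```python
import json

# Scanner severity labels (assumed) mapped to Generic Issue severities.
SEVERITY_MAP = {"critical": "BLOCKER", "high": "CRITICAL",
                "medium": "MAJOR", "low": "MINOR"}


def to_generic_issues(findings, engine_id="example-sca"):
    """Convert SCA findings (hypothetical shape) into a Generic Issues document."""
    issues, seen = [], set()
    for f in findings:
        key = (f["advisory"], f["package"], f["manifest"])
        if key in seen:  # the same advisory reported twice for one manifest
            continue
        seen.add(key)
        message = "{} {} is affected by {}".format(
            f["package"], f["version"], f["advisory"])
        if f.get("fixed_in"):
            message += "; upgrade to {}".format(f["fixed_in"])
        # Attach the issue to the dependency manifest so it lands on a file
        # that is part of the analyzed project.
        location = {"message": message, "filePath": f["manifest"]}
        if f.get("line"):
            location["textRange"] = {"startLine": f["line"]}
        severity = SEVERITY_MAP.get(str(f.get("severity", "")).lower(), "MAJOR")
        issues.append({"engineId": engine_id, "ruleId": f["advisory"],
                       "type": "VULNERABILITY", "severity": severity,
                       "primaryLocation": location})
    return {"issues": issues}


# Constructed sample input; not output from any real SCA tool.
SAMPLE_FINDINGS = [
    {"advisory": "EXAMPLE-ADV-0001", "package": "examplelib",
     "version": "1.2.0", "fixed_in": "1.2.5", "severity": "High",
     "manifest": "requirements.txt", "line": 3},
    {"advisory": "EXAMPLE-ADV-0001", "package": "examplelib",
     "version": "1.2.0", "fixed_in": "1.2.5", "severity": "High",
     "manifest": "requirements.txt", "line": 3},
    {"advisory": "EXAMPLE-ADV-0002", "package": "otherlib",
     "version": "0.9.1", "severity": "unknown",
     "manifest": "requirements.txt"},
]

if __name__ == "__main__":
    with open("sca-generic-issues.json", "w") as fh:
        json.dump(to_generic_issues(SAMPLE_FINDINGS), fh, indent=2)
```

The resulting file is then passed to the analysis with `sonar.externalIssuesReportPaths=sca-generic-issues.json`.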