Does SonarCloud support SCA?

fai-prive · November 14, 2022, 4:16am

Does SonarCloud support SCA or 3rd party library vulnerability scan? I don’t seem to find it, if not. Do you know if there is a plan for that?

ganncamp · November 15, 2022, 12:58pm

Hi,

Welcome to the community!

SonarCloud does not support SCA, and I’m not aware of any current plans.

That said, one option would be to

run SCA before your SonarCloud analysis
convert the report to the Generic Issues format
include the Generic Issues report in your SonarCloud analysis.

But the details of the first two steps are out of scope for us here.

HTH,
Ann

Colin · March 18, 2025, 2:24pm

Hello from the future!

We recently announced SonarQube Advanced Security, which will include SCA capabilities. While it’s not available yet, we expect general availability for SonarQube Server in May 2025, and SonarQube Cloud Enterprise shortly after.

Please see this announcement for more details.

Oodini · March 18, 2025, 4:09pm

If you’re looking for beta-testers, we’re actually trying one of your competitors, and are not very statisfied…

Topic		Replies	Views
Support in Sonarcloud for SCA tools Product Manager for a Day sonarqube-cloud	1	1272	March 18, 2025
Third-party library scanning SonarQube Cloud security , sonarqube-cloud	5	1298	March 18, 2025
Is there dependency check in sonarcloud? SonarQube Cloud sonarqube-cloud	3	257	March 18, 2025
Any way to do software composition analysis via Sonar Cloud SonarQube Cloud	2	1333	March 18, 2025
Third-party Software Components SonarQube Cloud	2	395	March 18, 2025

Does SonarCloud support SCA?

Related topics