Interesting suite of plugins for Java component analysis


A range of SonarQube plugins that cover different aspects of

License:
Known Vulnerabilities:
Outdated Components: no 7.9 (only 5.6) support but provides

  • Identify dependencies between JAR files
  • Find missing classes from the classpath
  • Spot if a class/package is located in multiple JAR files
  • Spot if the same JAR file is located in multiple locations
  • With a list of what each JAR file requires and provides
  • Verify the SerialVersionUID of a class
  • Find similar JAR files that have different version numbers
  • Find JAR files without a version number
  • Find unused JAR archives
  • Identify sealed / signed JAR archives
  • Locate a class in a JAR file
  • Get the OSGi status of your project
  • Remove blacklisted API usage
  • And generate the same reports for your .WAR and .EAR archives

best regards


Are you looking for volunteers to bootstrap a SCA plugin for SonarQube?
Can you clarify what is the goal of your post?


Just wanted to share a good set of plugins for SCA, but maybe posted in the wrong forum.

best regards

Talked about these plugins at: Secure your development pipeline presentation (LibreOffice original)

also recommend reading

best regards