Dear community, as the Digital Operational Resilience Act is going to take effect for the financial sector next year, and it requires, among other things, Software Composition Analysis (SCA), I wanted to ask if this feature is planned for the next releases? Thanks in advance!

Hello from the future! We recently announced SonarQube Advanced Security, which will include SCA capabilities. While it’s not available yet, we expect general availability for SonarQube Server in May 2025, and SonarQube Cloud Enterprise shortly after. Please see this announcement for more details. …

Is Software Composition Analysis planned in the future?

SonarQube Server / Community Build

Colin (Colin) April 12, 2024, 7:37am 9

This is the first I’ve heard of it, so no advice to share. I’m sorry!

That said, GitHub - dependency-check/dependency-check-sonar-plugin: Integrates Dependency-Check reports into SonarQube is one of the most popular plugins in the Sonar ecosystem, although it’s causing some issues in the latest SQ version (might be our fault)

1 Like

Topic		Replies	Views
Any way to do software composition analysis via Sonar Cloud SonarQube Cloud	2	1333	March 18, 2025
Software compositin analysis in SonarCloud/SonarQube SonarQube Cloud sast	2	1471	March 18, 2025
SonarQube opensource vulnerability detection SonarQube Server / Community Build	4	10353	March 18, 2025
Third-party Software Components SonarQube Cloud	2	395	March 18, 2025
Dependency management with SonarCloud? SonarQube Cloud sonarqube-cloud	4	371	March 18, 2025

Is Software Composition Analysis planned in the future?

Related topics