michaelthe
October 10, 2023, 9:56am
1
Is there dependency check in sonarcloud (not sonarqube)? For instance of 3rd party libraries used?
ganncamp
October 11, 2023, 4:07pm
2
Hi,
Welcome to the community!
Sorry, but there’s not. We do SAST (among other things), not SCA.
Colin
March 18, 2025, 2:42pm
8
Hello from the future!
We recently announced SonarQube Advanced Security, which will include SCA capabilities. While it’s not available yet, we expect general availability for SonarQube Server in May 2025, and SonarQube Cloud Enterprise shortly after.
Please see this announcement for more details.
Sonar is excited to announce SonarQube Advanced Security , extending SonarQube’s analysis capabilities beyond first-party and AI-generated code to include third-party open source code. With this, we’re delivering the first fully integrated solution for finding and fixing code quality and code security issues in the development phase of the SDLC.
The first step in integrating Sonar’s recent acquisition of Tidelift, SonarQube Advanced Security strengthens a robust set of existing security capabili…