My dotNetCore c# project include nugget package dependency BouncyCastle.Cryptography ver. 2.1.1
According to Visual Studio it is vulnerable and has 3 known issues.
Sonar did not detect them
Hi,
Are the vulnerabilities in your code or in the dependency? We don’t do SCA.
Ann
Thanks for your answer.
Where can I find details of how SonarQube Server verify that the code is secured ?
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.