Version Enterprise Edition v2025 Background I have a SonarQube project where I’ve submitted scans from sonarqube-scanner using GitHub actions, all works fine. I can browse the code in SonarQube and see any related issues. Now I’m trying to setup an additional scan using files from a dynamic applic…

Hey there. Today, it’s not possible to enrich analysis results after a scan has been submitted. All information, including external reports, must be available when the scan is run.

I would normally suggest that you make sure your DAST scan is finished first, and then pass that artifact along to the build task that runs your SonarQube scan so you can have all the information in one project.

Alright, thank you, I will look into such a solution. The project/application I want to scan is built with .NET. I’ve followed the docs for .NET application and SonarQube scanning, so our GitHub action is doing the following: dotnet-sonarscanner start dotnet build dotnet-sonarscanner end The dotn…

Is your DAST scan currently running as a part of your GitHub actions? Ideally, you would just make sure that runs before dotnet-sonarscanner end.

Merging DAST-scan report with SAST-scan?

SonarQube Server / Community Build

maxpaj (Max) October 8, 2025, 12:21pm 4

Okay, in that case, the solution is to have two different SonarQube projects for that same code/application?

Topic		Replies	Views
Application Security Support for SAST & DAST in SonarQube Suggest new features security	4	11551	November 10, 2020
How to add an external report to a past scan? SonarQube Server / Community Build sonarqube , scanner , reports	2	655	September 20, 2022
How to add scan results (OWASP ZAP) to existing task id in SonarQube Suggest new features	1	1278	December 1, 2020
Integrating SonarQube with Acunetix SonarQube Server / Community Build	1	324	February 28, 2023
Add further analysis reports during pipeline run SonarQube Server / Community Build jenkins	1	362	December 11, 2019

Merging DAST-scan report with SAST-scan?

Related topics