I’m evaluating SonarQube and I’ve not been able to find the Open Source Vulnerability scanner in SonarQube Developer edition.
I’m looking for a feature similar to Nexus OSA Scanner or Snyk So that I don’t have to use different tools for different features.
Is there anything I’m missing, or is it available in some other edition? Please let us know.
For the most part, we really leave any sort of SCA (Software Component Analysis) to those who do it best (like our friends at Snyk or WhiteSource), while our focus is static analysis.
If you really wanted to get these results in SonarCloud somehow, you could try converting the reports to Generic Issue Data.
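As an added illustration of the Generic Issue Data route mentioned above (example code, not from SonarSource or the post), a small converter that turns SCA findings into a report SonarQube can import; the input record layout (`package`, `version`, `advisory`, `severity`, `title`, `manifest`, `line`) is a constructed stand-in, not Snyk's or any real scanner's output format.

```python
import json

# SCA scanner severities -> SonarQube Generic Issue Data severities.
# Mapping policy is an assumption; adjust it to your own risk rating.
SEVERITY_MAP = {
    "critical": "BLOCKER",
    "high": "CRITICAL",
    "medium": "MAJOR",
    "low": "MINOR",
}

# Constructed sample findings (placeholder advisory ids, not real CVEs).
SAMPLE_FINDINGS = [
    {"package": "left-pad", "version": "1.0.0", "advisory": "ADV-EXAMPLE-001",
     "severity": "high", "title": "Example prototype pollution",
     "manifest": "package.json", "line": 12},
    {"package": "requests", "version": "2.0.0", "advisory": "ADV-EXAMPLE-002",
     "severity": "unknown", "title": "Example TLS verification bypass",
     "manifest": "requirements.txt"},
]


def to_generic_issue_data(findings, engine_id="sca-import"):
    """Build the dict that SonarQube's Generic Issue Data import expects.

    Each finding becomes one VULNERABILITY issue anchored on the dependency
    manifest; the advisory id is used as the ruleId so repeated findings
    group under one rule in the UI.
    """
    issues = []
    for f in findings:
        issues.append({
            "engineId": engine_id,
            "ruleId": f["advisory"],
            # Unknown or missing severities fall back to INFO rather than
            # being dropped, so nothing disappears silently from the report.
            "severity": SEVERITY_MAP.get(str(f.get("severity", "")).lower(), "INFO"),
            "type": "VULNERABILITY",
            "primaryLocation": {
                "message": f"{f['package']}@{f['version']}: {f['title']} ({f['advisory']})",
                "filePath": f["manifest"],
                # Manifest line if the scanner reports one, else line 1.
                "textRange": {"startLine": int(f.get("line", 1))},
            },
        })
    return {"issues": issues}


def write_report(findings, path):
    """Serialise the converted findings to the JSON file SonarQube will read."""
    report = to_generic_issue_data(findings)
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(report, fh, indent=2)
    return report
```

Point the analysis at the written file with the `sonar.externalIssuesReportPaths` property so the findings show up alongside the static-analysis issues.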
We recently announced SonarQube Advanced Security, which will include SCA capabilities. While it’s not available yet, we expect general availability for SonarQube Server in May 2025, and SonarQube Cloud Enterprise shortly after.