Open Source Vulnerability Scanner in SonarQube?

Hi Team,

I’m evaluating SonarQube and I’ve not been able to find the Open Source Vulnerability scanner in SonarQube Developer edition.
I’m looking for a feature similar to Nexus OSA Scanner or Snyk so that I don’t have to use different tools for different features.

Is there anything I’m missing, or is it available in some other edition? Please let us know.

Best Regards,
Devesh

Hey there.

For the most part, we really leave any sort of SCA (Software Component Analysis) to those who do it best (like our friends at Snyk or WhiteSource), while our focus is static analysis.

If you really wanted to get these results in SonarCloud somehow, you could try converting the reports to Generic Issue Data.

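A sketch of the conversion suggested in the reply above, added here as an example and not taken from the thread or from SonarSource: it maps SCA findings onto Generic Issue Data issues and anchors each one on the manifest line that declares the affected package. The input finding layout, the `example-sca` engine id, the `EXAMPLE-…` ids and the severity mapping are assumptions made for illustration; the issue fields used are the format's original issue-level ones, so check them against the schema your server version documents.

```python
import json
import re

# Assumed mapping from scanner severity to generic-issue severity.
SEVERITY_MAP = {"low": "MINOR", "medium": "MAJOR",
                "high": "CRITICAL", "critical": "BLOCKER"}

def find_declaration_line(manifest_text, package):
    """1-based line of a requirements-style manifest that declares `package`."""
    pattern = re.compile(r"^\s*" + re.escape(package) + r"\s*(?:[=<>!~\[;]|$)",
                         re.IGNORECASE)
    for number, line in enumerate(manifest_text.splitlines(), start=1):
        if pattern.match(line):
            return number
    return None

def to_generic_issues(findings, manifest_path, manifest_text,
                      engine_id="example-sca"):
    """Convert SCA findings (hypothetical layout) to Generic Issue Data."""
    issues = []
    for f in findings:
        # Transitive dependencies are not declared in the manifest:
        # anchor those on line 1 so the issue still has a location.
        line = find_declaration_line(manifest_text, f["package"]) or 1
        issues.append({
            "engineId": engine_id,
            "ruleId": f["id"],
            "severity": SEVERITY_MAP.get(f.get("severity", "").lower(), "MAJOR"),
            "type": "VULNERABILITY",
            "primaryLocation": {
                "message": f"{f['package']} {f['version']}: {f['title']} ({f['id']})",
                "filePath": manifest_path,
                "textRange": {"startLine": line},
            },
        })
    return {"issues": issues}

# Constructed sample input, not output from any real scanner.
SAMPLE_MANIFEST = "flask==1.0\nrequests>=2.0\n"
SAMPLE_FINDINGS = [
    {"id": "EXAMPLE-0001", "package": "requests", "version": "2.0",
     "severity": "high", "title": "constructed finding"},
    {"id": "EXAMPLE-0002", "package": "leftpad", "version": "0.1",
     "severity": "unknown", "title": "constructed transitive finding"},
]

if __name__ == "__main__":
    report = to_generic_issues(SAMPLE_FINDINGS, "requirements.txt", SAMPLE_MANIFEST)
    print(json.dumps(report, indent=2))
```

The resulting JSON file is handed to the scanner through the `sonar.externalIssuesReportPaths` analysis property.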

OK, thanks for the quick reply. That helps!