OWASP Report SonarCloud ingestion?

Currently using OWASP Dependency-Check gradle plugin. Is it possible to send its report as Vulnerabilities to SonarCloud to be able to track vulnerabilities over time? There is a SonarQube plugin, but if I understand correctly plugins are not available in SonarCloud.

Hi,

Welcome to the community!

It’s been a while since I looked at the Dependency Check plugin, so I don’t remember how it reports its findings. If they’re reported as issues raised on code, then you should be able to import the results by converting the report to the Generic Issues format.

 
HTH,
Ann

No, it’s issues based on it being a dependency.

Hi,

I should have been more specific. If the issues can be tied to files - any kind of text file - then this should work.

 
HTH,
Ann
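The conversion discussed in this thread, as an added example that is not part of any post here and is not code from the Dependency-Check or Sonar projects. It assumes the Dependency-Check JSON report lists findings under `dependencies[].vulnerabilities[]` with `name`, `severity` and `description` fields; the function name, the severity mapping and the `build.gradle` anchor file are choices made for this example.

```python
import json

# Severity mapping is a choice made for this example, not a SonarCloud rule.
SEVERITY_MAP = {"CRITICAL": "BLOCKER", "HIGH": "CRITICAL",
                "MEDIUM": "MAJOR", "LOW": "MINOR"}

def to_generic_issues(dc_report, anchor_file="build.gradle"):
    """Turn a parsed Dependency-Check JSON report into a Generic Issue dict.

    Each finding is pinned to line 1 of anchor_file (assumed to be the build
    file that declares the dependencies), since an imported issue has to
    point at a text file inside the analysed project.
    """
    issues, seen = [], set()
    for dep in dc_report.get("dependencies", []):
        jar = dep.get("fileName", "unknown-dependency")
        for vuln in dep.get("vulnerabilities") or []:
            vuln_id = vuln.get("name", "unknown")
            if (jar, vuln_id) in seen:   # same jar listed more than once
                continue
            seen.add((jar, vuln_id))
            severity = str(vuln.get("severity", "")).upper()
            summary = " ".join(str(vuln.get("description", "")).split())[:200]
            issues.append({
                "engineId": "dependency-check",
                "ruleId": vuln_id,
                "severity": SEVERITY_MAP.get(severity, "INFO"),
                "type": "VULNERABILITY",
                "primaryLocation": {
                    "message": f"{jar}: {vuln_id} {summary}".strip(),
                    "filePath": anchor_file,
                    "textRange": {"startLine": 1},
                },
            })
    return {"issues": issues}

# Constructed sample report; the ids are placeholders, not real advisories.
SAMPLE = {"dependencies": [
    {"fileName": "lib-a-1.0.jar", "vulnerabilities": [
        {"name": "CVE-0000-0001", "severity": "HIGH", "description": "Placeholder A"},
        {"name": "CVE-0000-0002", "severity": "moderate", "description": "Placeholder B"}]},
    {"fileName": "lib-a-1.0.jar", "vulnerabilities": [
        {"name": "CVE-0000-0001", "severity": "HIGH", "description": "Placeholder A"}]},
    {"fileName": "lib-b-2.3.jar"},
]}

if __name__ == "__main__":
    print(json.dumps(to_generic_issues(SAMPLE), indent=2))
```

Write the returned dict to a JSON file and pass its path to the scanner through `sonar.externalIssuesReportPaths`.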