PNPM support for SAST

markbrikl88 · October 31, 2022, 9:44am

We have been using Snyk but it does not support PNPM which we have switched most of our repo’s too.
Does SonarQube support pnpm?

Colin · November 1, 2022, 9:22am

SonarQube does not do Software Component Analysis (SCA, checking for dependencies with known vulnerabilities), but instead Static Analysis Security testing (SAST, analyzing code developers are writing). So there’s no such thing as SonarQube supporting pnpm

Topic		Replies	Views
Does SonarQube's Deeper SAST includes SCA? SonarQube Server / Community Build	4	750	March 18, 2025
Does SonarQube audit NPM packages for vulnerabilities? SonarQube Server / Community Build sonarqube	3	910	March 18, 2025
Does SonarQube scan 3rd-party code? SonarQube Server / Community Build sonarqube , scanner	5	1268	March 18, 2025
SonarQube opensource vulnerability detection SonarQube Server / Community Build	4	10340	March 18, 2025
Support for scanning OSS SonarQube Server / Community Build sonarqube , scanner	4	145	March 18, 2025

PNPM support for SAST

Related topics