Thank you for the information. Could you please be more specific on how is that supposed to work in an existing Self-Hosted version? Is that somehow automated in the existing rule set?
I was checking the documentation, and I didn’t find nothing. Therefor I was wondering if there could be command line commands to adjust the verification of the version accordingly to what you have mentioned S3417. Let me know if I can clarify you further.
No, the configuration must be stored in SonarQube as a part of the Quality Profile.
It sounds like you might be interested in a more sophisticated SCA (Software Component Analysis) tool. SonarQube offers a few rules around this, but it’s not comprehensive.