Software composition analysis in SonarCloud/SonarQube


I was looking for Software Composition Analysis in SonarCloud. Is there this capability? What about in SonarQube using plugins?



Hey there.

This is not a capability offered by SonarCloud – which focuses on the analysis of code, rather than tracking the dependencies being used by a project.

As SonarQube supports community-supported plugins, some users use dependency-check/dependency-check-sonar-plugin on GitHub ("Integrates Dependency-Check reports into SonarQube").