Software composition analysis in SonarCloud/SonarQube

Hello,

I was looking for Software Composition Analysis in SonarCloud. Is there this capability? What about in SonarQube using plugins?

Thanks,

fabio

Hey there.

This is not a capability offered by SonarCloud – which focuses on the analysis of code, rather than tracking the dependencies being used by a project.

As SonarQube supports community-supported plugins, some users use GitHub - dependency-check/dependency-check-sonar-plugin: Integrates Dependency-Check reports into SonarQube