Software composition analysis in SonarCloud/SonarQube

Hello,

I was looking for Software Composition Analysis in SonarCloud. Is there this capability? What about in SonarQube using plugins?

thanks,

fabio

Hey there.

This is not a capability offered by SonarCloud – which focuses on the analysis of code, rather than tracking the dependencies being used by a project.

As SonarQube supports community-supported plugins, some users use GitHub - dependency-check/dependency-check-sonar-plugin: Integrates Dependency-Check reports into SonarQube

Hello from the future!

We recently announced SonarQube Advanced Security, which will include SCA capabilities. While it’s not available yet, we expect general availability for SonarQube Server in May 2025, and SonarQube Cloud Enterprise shortly after.

Please see this announcement for more details.