Sonar Qube Vulnerablility checking for Libraries

NitheeshSS · February 5, 2021, 4:03pm

Hi All,

We are using a Sonar Qube Developer edition (8.X).Currently there is no specific way to check the vulnerablity for library files. Upon checking there is a plugin available for this

dependency-check/dependency-check-sonar-plugin: Integrates Dependency-Check reports into SonarQube (github.com)

Is it possible to use this plugin on Developer version, Can some one support on this .

Rouke.Broersma.IS · February 9, 2021, 9:02am

We use this extension on developer edition, works great. Keep in mind that the plugin only reads the report into sonarqube, it does not generate the report. To generate the report you will have to run the dpendency check commandline tool as well in your pipeline.

Topic		Replies	Views
SonarQube scan for python libraries SonarQube Server / Community Build sonarqube , python	5	1361	March 18, 2025
Support OWASP Dependency Check plugin Suggest new features sonarqube-cloud	2	5655	December 17, 2018
Identification of CVEs and old versions of thirdparty libraries with Sonarqube SonarQube Server / Community Build	3	1191	May 6, 2020
SonarQube does not show as issues dependency vulnerabilities found by Dependency-check SonarQube Server / Community Build	1	45	June 11, 2025
Unable to see Vulnerabilities reported by dependency-check SonarQube Server / Community Build sonarqube , dotnet	3	1150	October 14, 2022

Sonar Qube Vulnerablility checking for Libraries

Related topics