SonarCloud and scanning for the Log4J vulnerability

Hi all

Can you please advise whether SonarCloud scan can identify the use of Log4J in the repository?
If we add a repo in SonarCloud, will we get an alert on the use of the Log4J library and whether it’s vulnerable?


Hey there.

SonorCloud is really focused on SAST (Static Application Security Testing) rather than SCA (Software Component Analysis). SonarCloud can’t be configured to raise issues if log4j is found.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.