SonarCloud and scanning for the Log4J vulnerability

Hi all

Can you please advise whether SonarCloud scan can identify the use of Log4J in the repository?
If we add a repo in SonarCloud, will we get an alert on the use of the Log4J library and whether it’s vulnerable?

Best
Bozidar

Hey there.

SonarCloud is really focused on SAST (Static Application Security Testing) rather than SCA (Software Component Analysis). SonarCloud can’t be configured to raise issues if log4j is found.

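To make the SAST/SCA distinction in the reply concrete, here is an added example (not SonarCloud's or Sonar's own code) of the kind of dependency inventory an SCA check performs: it reads log4j-core versions out of a repository's pom.xml files and vendored jar names and flags any older than a minimum the caller supplies. The pom.xml content is constructed, and the minimum safe version is an assumption the caller must set from the Apache Log4j security advisories.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample pom.xml so the example runs offline; not from any real project.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><log4j.version>2.14.1</log4j.version></properties>
  <dependencies>
    <dependency>
      <groupId>org.apache.logging.log4j</groupId>
      <artifactId>log4j-core</artifactId>
      <version>${log4j.version}</version>
    </dependency>
  </dependencies>
</project>"""

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
JAR_RE = re.compile(r"log4j-core-(\d+(?:\.\d+)*)\.jar$")

def version_tuple(v):
    return tuple(int(p) for p in v.split("."))

def log4j_core_versions_from_pom(pom_text):
    """Declared log4j-core versions, with ${property} references resolved."""
    root = ET.fromstring(pom_text)
    props = {p.tag.rsplit("}", 1)[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    found = []
    for dep in root.findall("m:dependencies/m:dependency", NS):
        if (dep.findtext("m:groupId", "", NS) == "org.apache.logging.log4j"
                and dep.findtext("m:artifactId", "", NS) == "log4j-core"):
            ver = dep.findtext("m:version", "", NS).strip()
            m = re.fullmatch(r"\$\{(.+)\}", ver)
            found.append(props.get(m.group(1), ver) if m else ver)
    return found

def check_repo(pom_texts, jar_names, min_safe):
    """Return every log4j-core version found that is older than min_safe."""
    versions = [v for t in pom_texts for v in log4j_core_versions_from_pom(t)]
    for name in jar_names:              # vendored jars bypass pom.xml entirely
        m = JAR_RE.search(name)
        if m:
            versions.append(m.group(1))
    return [v for v in versions if version_tuple(v) < version_tuple(min_safe)]

def scan_directory(repo, min_safe):
    """Walk a checked-out repository: all pom.xml files plus every .jar name."""
    repo = Path(repo)
    poms = [p.read_text() for p in repo.rglob("pom.xml")]
    return check_repo(poms, [str(p) for p in repo.rglob("*.jar")], min_safe)
```

Transitive dependencies are not covered here; a real SCA tool resolves the full dependency tree (for Maven, `mvn dependency:tree`) before comparing versions.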
