Sonarcloud will be releasing its advanced security version by end of may 2025 that includes SCA (dependency check), we are already using sonarcloud for sometime now and want to do a POC for the SCA in particular the dependency check in Azure DevOps. I couldnt find any tasks for SCA. Could someone point me to an article describing the tasks for SCA?
SonarQube Advanced Security was launched for SonarQube Server today!
We are targeting a Fall release for SonarQube Cloud.
In the current implementation, the scan will run as a part of your regular analysis. No additional tasks needed!
Great,
So if we purchase advanced security licence for our existing sonar cloud then we will have SCA output under the project?
If you are using a supported language/package manager (these might grow by the Fall), then everything should be picked up automatically once the license is activated. Of course, some advanced configuration is available.
While the SQS docs are not a perfect representation of what will be delivered, it might give you an idea what it will look like!