Does SonarCloud cover the same static code scanning capabilities as the Microsoft Security Code Analysis (MSCA)?
Examples of the MSCA toolset:
Credential Scanner: a proprietary Microsoft tool that helps detect credentials, secrets, certificates, and other sensitive content in your source code and build output.
Roslyn Analyzer: Microsoft’s compiler-integrated static analysis tool for analyzing managed code (C# and VB).
Roslyn is at the core of our C# analyzers (it’s what they are built on!) and issues from other Roslyn analyzers are automatically imported to SonarCloud during analysis.
SonarCloud does not track the libraries that are included in a project – we leave SCA (Software Component Analysis) to those who do it best (like our friends at Snyk or WhiteSource)!