SonarQube 10.1.0-enterprise vulnerabilities


Recently our DevOps team reported vulnerabilities detected by our CWP to

There are about 15 Critical/High vulnerabilities, but we were advised that SonarQube 10.1 is not vulnerable, despite fixes being available.
I’m curious if anyone else experienced the same and what further recourse is available.


Hi Wilson,

We don’t release patches on SonarQube when the product is not vulnerable. However, dependencies are periodically updated to make sure that SonarQube benefits from the latest security improvements.

