Version: SonarQube 8.9.6 LTS (on-prem)
Goal: Ensure scans cover CVEs listed in the CISA Known Exploited Vulnerabilities Catalog.
Does SonarQube tag or track the vulnerabilities listed in CISA’s catalog (Known Exploited Vulnerabilities Catalog | CISA)?
Is there a way to export the CVEs currently incorporated into SonarQube for comparison against CISA’s catalog?
How frequently are the vulnerabilities updated and how are they made available?
Does SonarQube have the capability to analyze dependencies?