Hi Team,
Are Python libraries scanned by SonarQube?
Thanks
Hello,
Is your question about being able to say that one of your Python dependencies contains a vulnerability? Are you looking for an SCA feature?
Alex
Hi Alexandre,
I’m searching for exactly what you described.
Currently we are running SonarQube Scanner on TeamCity to perform the analysis and test coverage. But I’m struggling to find a way to check dependencies for vulnerabilities.
Do you have a hint for me?
Thanks, Samuel
Hello,
We don’t do that yet.
Alex
Hi Samuel,
If you don’t use specialized tools like Sonatype NexusIQ, you might try this community plugin,
and there’s another community plugin for the license check.
Gilbert
Hello from the future!
We recently announced SonarQube Advanced Security, which will include SCA capabilities. While it’s not available yet, we expect general availability for SonarQube Server in May 2025, and SonarQube Cloud Enterprise shortly after.
Please see this announcement for more details.