It would be an excellent feature (though I’m sure a big development effort) if SonarCloud could support dependency analysis for known version vulnerabilities. I know some other SaaS services like GitHub have also started getting into this arena, but we would love this feature. It would take the place of the old OWASP Dependency Check plugin.
Fabrice_Bellingard (Fabrice Bellingard) #2
Hi Rick! Indeed, I agree with you, and this is something we started looking at. I just can’t give you more details about this just now.