Support for Vex documents in Sonarqube Advanced Security

Anant_Kurapati · February 24, 2026, 8:12am

which versions are you using (SonarQube Server / Community Build, Scanner, Plugin, and any relevant extension)
- SonarQube Enterprise Edition Enterprise Editionv2025.6.1 (117629) + Advanced Security
how is SonarQube deployed: zip, Docker, Helm
- Zip
what are you trying to achieve
- I would like to auto generate vex document based on comments added in sca dependency risk Vulnerability Exploitability eXchange (VEX) | CycloneDX
- Vulnerability Exploitability eXchange(VEX) — CVE Binary Tool 3.4 documentation
- whenever publishing SBOM is required , VEX plays important role
what have you tried so far to achieve this
- We are trying to generate through api call.

bill.nottingham · February 24, 2026, 6:26pm

This is something we’d like to support natively in the future, but for now what you’d have to do is export the Risk Report, and create a script that reformats it into a VEX format.

Topic		Replies	Views
Vulnerabilities report from API SonarQube Server / Community Build sonarqube	1	5657	January 14, 2020
Exporting Vulnerability/hotspot report as csv to be used with excel for cybersecurity reporting SonarQube Server / Community Build	4	1427	October 24, 2022
Download a HTML/PDF report for Security Vulnerabilities SonarQube Server / Community Build pdf_report , html	1	1461	April 21, 2020
Export to SARIF Suggest new features sarif	10	1493	November 18, 2025
Export data from sonarqube SonarQube Server / Community Build sonarqube	5	1056	March 9, 2021

Support for Vex documents in Sonarqube Advanced Security

Related topics