pethers
May 10, 2022, 5:22pm
1
Hi,
Posted a few years back about https://community.sonarsource.com/t/interesting-suite-of-plugins-for-componet-analysis-java/13291 .
One problem with moving to Sonarcloud is that use cases related to SCA is not covered. but is supported in standalone by plugins.
Many people do need to track vulnerabilities, outdated dependencies and open source license compliance.
Best regards
Colin
March 18, 2025, 2:24pm
3
Hello from the future!
We recently announced SonarQube Advanced Security, which will include SCA capabilities. While it’s not available yet, we expect general availability for SonarQube Server in May 2025, and SonarQube Cloud Enterprise shortly after.
Please see this announcement for more details.
Sonar is excited to announce SonarQube Advanced Security , extending SonarQube’s analysis capabilities beyond first-party and AI-generated code to include third-party open source code. With this, we’re delivering the first fully integrated solution for finding and fixing code quality and code security issues in the development phase of the SDLC.
The first step in integrating Sonar’s recent acquisition of Tidelift, SonarQube Advanced Security strengthens a robust set of existing security capabili…