We recently announced SonarQube Advanced Security, which will include SCA capabilities. While it’s not available yet, we expect general availability for SonarQube Server in May 2025, and SonarQube Cloud Enterprise shortly after.
Created dashboards for all repos for a company I worked for 5 years ago.
Provided metrics
The plugin keeps track of the following statistics:
| Metric | Description |
|---|---|
| Dependencies to patch | The number of dependencies with patches available (incremental updates). |
| Dependencies to patch (Ratio) | The ratio of dependencies to patch. |
| Dependencies to upgrade | The number of dependencies with upgrades available (minor and/or major updates). |
| Dependencies to upgrade (Ratio) | The ratio of dependencies to upgrade. |
| Dependencies Total | The total number of dependencies. |
| Patch maintenance | The rating of the patch maintenance (see below). |
| Patches missed | The total number of patches missed. |
| Upgrade maintenance | The rating of the upgrade maintenance (see below). |
| Upgrades missed | The total number of upgrades missed. |
Please note that when measures are computed at directory, module or project level, identical dependencies are counted only once. For example, if a project contains two sub-modules that share the same dependency, the dependency is included in the measure of each sub-module, but the project-level measure counts it only once rather than once per sub-module.
Maintenance rating
The maintenance rating is based on the ratio of dependencies with available patches/upgrades to the total number of dependencies. The ratio bands <=5%, <=10%, <=20%, <=50% and >50% are the guidelines used to define the rating. There are slight adaptations for projects with fewer than 50 dependencies.
This metric is not final. For now, the rating is calculated as follows.
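The two rules above (de-duplication of identical dependencies when aggregating to project level, and a rating derived from the patch/upgrade ratio bands) are small enough to illustrate with a worked computation. The following Python is an added example written for this page; it is not the plugin's code, and the mapping of the ratio bands to the values 1..5 (1 = best) is an assumption made here, since the page does not state the final scale. The adaptation for projects with fewer than 50 dependencies is mentioned on the page but not specified, so it is deliberately left out. The sample modules are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Dependency:
    """One resolved dependency; equal coordinates hash equal, which drives de-duplication."""
    group: str
    artifact: str
    version: str
    patch_available: bool = False    # an incremental (patch) update exists
    upgrade_available: bool = False  # a minor or major update exists


def percent(part: int, total: int) -> float:
    """Ratio as a percentage rounded to one decimal; 0.0 when there are no dependencies."""
    return round(100.0 * part / total, 1) if total else 0.0


def module_measures(deps) -> dict:
    """Measures for one module (or directory); each distinct dependency counts once."""
    deps = set(deps)
    total = len(deps)
    to_patch = sum(1 for d in deps if d.patch_available)
    to_upgrade = sum(1 for d in deps if d.upgrade_available)
    return {
        "total": total,
        "to_patch": to_patch,
        "to_upgrade": to_upgrade,
        "patch_ratio": percent(to_patch, total),
        "upgrade_ratio": percent(to_upgrade, total),
    }


def project_measures(modules: dict) -> dict:
    """Project-level measures over the union of all module dependencies, so a dependency
    shared by several sub-modules contributes once, not once per sub-module."""
    unique = set()
    for deps in modules.values():
        unique.update(deps)
    return module_measures(unique)


# Ratio bands from the page: <=5%, <=10%, <=20%, <=50%, >50%.
# ASSUMPTION (not from the page): bands map to 1..5 with 1 = best. The page's
# adaptation for projects with fewer than 50 dependencies is unspecified and omitted.
RATING_BANDS = ((5.0, 1), (10.0, 2), (20.0, 3), (50.0, 4))


def maintenance_rating(ratio_pct: float) -> int:
    """Return the rating band for a patch or upgrade ratio given in percent."""
    for upper, rating in RATING_BANDS:
        if ratio_pct <= upper:
            return rating
    return 5


# Constructed sample input: two sub-modules that share commons-io.
SAMPLE_MODULES = {
    "module-a": [
        Dependency("commons-io", "commons-io", "2.6", patch_available=True),
        Dependency("com.google.guava", "guava", "30.0-jre", upgrade_available=True),
    ],
    "module-b": [
        Dependency("commons-io", "commons-io", "2.6", patch_available=True),
        Dependency("org.slf4j", "slf4j-api", "1.7.30"),
    ],
}

if __name__ == "__main__":
    for name, deps in SAMPLE_MODULES.items():
        m = module_measures(deps)
        print(name, m, "patch rating:", maintenance_rating(m["patch_ratio"]))
    p = project_measures(SAMPLE_MODULES)
    # Project total is 3, not 4: the shared commons-io is counted once.
    print("project", p, "patch rating:", maintenance_rating(p["patch_ratio"]))
```

Each module reports a patch ratio of 50%, but the project-level ratio is 33.3% because the shared dependency is counted once against three distinct dependencies; this is exactly the aggregation behaviour the note above describes, and it is why module ratings and the project rating can differ.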