Support OWASP Dependency Check plugin


(Fred Bierhaus) #1

SonarQube supports the OWASP Dependency Check plugin, but SonarCloud does not.

(Colin Mueller) #2

SonarCloud does not support third-party plugins (and for support matters, neither does SonarSource, just to be clear). However, if reporting on dependencies with known vulnerabilities is a feature you would like to see baked into SonarQube/SonarCloud, I suggest raising the matter with that angle. 🙂

(Rick Hanton) #3

As @ColinHMueller suggested, I created a feature request for this: Support Dependency Checks for Known Vulnerabilities