Third-party Software Components

clinechas · February 8, 2023, 5:31pm

We have a requirement to identity third-party software components in our Azure DevOps code repos. We have SonarCloud, is there functionality in SonarCloud that might help us identify these third party components and any potential security issues?

ganncamp · February 9, 2023, 6:20pm

Hi,

Welcome to the community!

We don’t perform SCA (software composition analysis).

What you can do is run a SCA tool before analysis, convert its output to the Generic Issues format and import it that way.

HTH,
Ann

Colin · March 18, 2025, 2:27pm

Hello from the future!

We recently announced SonarQube Advanced Security, which will include SCA capabilities. While it’s not available yet, we expect general availability for SonarQube Server in May 2025, and SonarQube Cloud Enterprise shortly after.

Please see this announcement for more details.

Topic		Replies	Views
Any way to do software composition analysis via Sonar Cloud SonarQube Cloud	2	1331	March 18, 2025
Support in Sonarcloud for SCA tools Product Manager for a Day sonarqube-cloud	1	1266	March 18, 2025
Does SonarCloud support SCA? SonarQube Cloud	3	1354	March 18, 2025
Software compositin analysis in SonarCloud/SonarQube SonarQube Cloud sast	2	1457	March 18, 2025
Is there dependency check in sonarcloud? SonarQube Cloud sonarqube-cloud	3	255	March 18, 2025

Third-party Software Components

Related topics