We have a requirement to identity third-party software components in our Azure DevOps code repos. We have SonarCloud, is there functionality in SonarCloud that might help us identify these third party components and any potential security issues?
Hi,
Welcome to the community!
We don’t perform SCA (software composition analysis).
What you can do is run a SCA tool before analysis, convert its output to the Generic Issues format and import it that way.
HTH,
Ann