I am quite new to the subject, so apologies if this was answered already. We are thinking of purchasing SonarQube Enterprise to do code inspection. I wondered if the inspection covers third-party (open source or licensed) software scanning from a legal (licenses) standpoint?
SonarQube Enterprise doesn't check dependencies for license compliance.
But there's a plugin (not provided or supported by SonarSource) you may use.
Though the latest version 5.x can only be used with SonarQube 8.9 LTS and <= 9.2.x.
Normally one uses a tool like Sonatype Nexus IQ for checking dependencies in terms of licenses and vulnerabilities.
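To make concrete what "checking dependencies in terms of licenses" means in practice, here is an added example that is not part of the forum post and is not code from SonarSource or Sonatype: a minimal license policy check over a dependency inventory. It assumes the inventory has already been extracted from a lockfile or SBOM (the `SAMPLE_COMPONENTS` list below is constructed sample data), and the `ALLOWED` and `DENIED` sets are an assumed policy, not anyone's recommended one. It also handles SPDX-style `OR` and `AND` expressions, which a single-string lookup would misjudge.

```python
"""Added example (not from the forum post): a minimal dependency license
policy check of the kind tools such as Sonatype Nexus IQ automate.
It classifies each component's declared license against an allow/deny
policy and reports components that should block a build or need review."""
from dataclasses import dataclass

# Constructed sample inventory: (name, version, declared SPDX license expression).
SAMPLE_COMPONENTS = [
    ("requests", "2.31.0", "Apache-2.0"),
    ("left-pad-clone", "1.0.0", "WTFPL"),
    ("libfoo", "3.2.1", "GPL-3.0-only"),
    ("mystery-lib", "0.1", ""),                  # no license metadata at all
    ("markdown-it", "13.0.1", "MIT"),
    ("dual-lib", "2.0", "MIT OR GPL-2.0-only"),  # dual-licensed: consumer may choose
]

# Assumed policy sets; real policy is organisation-specific and set by legal/compliance.
ALLOWED = {"MIT", "BSD-2-Clause", "BSD-3-Clause", "Apache-2.0", "ISC"}
DENIED = {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only", "WTFPL"}


@dataclass
class Finding:
    name: str
    version: str
    license: str
    verdict: str  # "allowed", "denied" or "unknown"
    reason: str


def evaluate_license(expr: str) -> tuple[str, str]:
    """Classify an SPDX-style license expression.

    'A OR B' is a choice: allowed if any alternative is allowed.
    'A AND B' is a conjunction: every part must be allowed.
    An empty or unrecognised license is 'unknown' and should be reviewed,
    never silently treated as allowed."""
    expr = expr.strip()
    if not expr:
        return "unknown", "no license declared"
    if " OR " in expr:
        alternatives = [a.strip() for a in expr.split(" OR ")]
        for alt in alternatives:
            if alt in ALLOWED:
                return "allowed", f"dual-licensed; may be used under {alt}"
        if any(a in DENIED for a in alternatives):
            return "denied", "no allowed alternative in OR expression"
        return "unknown", "no recognised alternative in OR expression"
    if " AND " in expr:
        parts = [p.strip() for p in expr.split(" AND ")]
        if any(p in DENIED for p in parts):
            return "denied", "conjunction includes a denied license"
        if all(p in ALLOWED for p in parts):
            return "allowed", "all conjuncts on allow list"
        return "unknown", "conjunction includes an unrecognised license"
    if expr in ALLOWED:
        return "allowed", "on allow list"
    if expr in DENIED:
        return "denied", "on deny list"
    return "unknown", "license not in policy"


def check_inventory(components):
    """Evaluate every (name, version, license) tuple and return Findings."""
    return [Finding(n, v, lic, *evaluate_license(lic)) for n, v, lic in components]


def violations(components):
    """Components that should fail the gate: denied ones plus unknowns needing review."""
    return [f for f in check_inventory(components) if f.verdict != "allowed"]


if __name__ == "__main__":
    for f in check_inventory(SAMPLE_COMPONENTS):
        print(f"{f.verdict:8} {f.name}=={f.version}  [{f.license or '?'}]  {f.reason}")
```

Run as-is it prints one line per component; wired into CI you would fail the build when `violations()` is non-empty. The important design choice is that a missing or unrecognised license is reported as "unknown" rather than passed, since unlabelled third-party code is exactly the case a legal review needs to see.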
Thanks for the prompt response!