Third-party software scanning

I am quite new to the subject, so apologies if this was answered already. We are thinking of purchasing SonarCube enterprise to do code inspection. I wondered if the inspection covers third-party (open source or licensed) software scanning from a legal (licenses) standpoint?
Thank you

Welcome :slight_smile:

Sonarqube Enterprise doesn’t check dependencies for license compliance.
But there’s a plugin (not provided and supported by Sonarsource) you may use

Though the latest version 5.x can only be used with Sonarqube 8.9 LTS and <= 9.2.x

Normally one uses a tool like Sonatype NexusIQ for checking dependencies in terms of licenses and vulnerabilities.



Thanks for the prompt response!