Thanks for the ticket 
I’m not sure if you will / want to release a new Sonarqube version for every CVE in an embedded runtime !?
Working for an insurance company we’re forced to update at once when there are critical CVEs.
WRT to the file size, it’s just nonsense for Enterprise customers, as our our build servers are staffed with all it needs.
The file size of sonar-javascript-plugin-10.16.0.27621-is bloated
WRT to caching, we’re using Jenkins nodes that are destroyed after use.
I know we could use some shared cache, but’s that’s just complicating things.
If the idea of provisioning is really implemented consistently, the dll for MSSQL integrated authentication would also have to be made available.
btw that’s almost a problem with every new Sonarqube version
The question is where to start and where to end with provisioning.
I would like to know where the idea of provisioning came from and I cannot imagine that this was a customer requirement.
With regard to “green it”, everyone should try to save some bandwitdh.