Managing dependency risks with SCA

Time to complete icon 1 hour to complete

Overview

This course is designed to help you understand how to address dependency risks found in project code using SonarQube Advanced Security. It provides step-by-step guidance on how to view, assess, and remediate security vulnerabilities and licensing risks detected in your code.

Learning objectives

After completing this course, you’ll be able to:

Identify common security vulnerabilities.
Prioritize dependency risks based on severity.
Interpret dependency risk severity scores.
Identify the exact path of a dependency.
Take steps to remediate a vulnerability.
Take steps to address open-source licensing risks.
Manage dependency risks in your IDE.
Create a Software Bill of Materials (SBOM).
Generate a risk report.

Key topics

Viewing and filtering dependency risks
Assessing risk scores
Direct and transitive dependencies
Maintainer insights
Using SonarQube for IDE
Leveraging SBOMs
Dependency risk reports

Target audience

Developers
Engineering leaders
Analysts

Prerequisites

SonarQube Server: 2025.4 LTA or later (Enterprise Edition or Data Center Edition)
SonarQube Cloud: Organization with an Enterprise plan
Active SonarQube Advanced Security license
Administration permissions in SonarQube
Required languages to support dependency analysis
Java 17 or later to run SonarScanner
Network connectivity

By category

SonarQube Cloud

SonarQube Server

Advanced Security

See all

By tag

Azure DevOps

Bitbucket

GitHub

See all

SonarQube Cloud

SonarQube Server

Advanced Security

See all

Azure DevOps

Bitbucket

GitHub

See all

By category

SonarQube Cloud

SonarQube Server

Advanced Security

See all

By tag

Azure DevOps

Bitbucket

GitHub

See all

By category

SonarQube Cloud

SonarQube Server

Advanced Security

See all

By tag

Azure DevOps

Bitbucket

GitHub

See all

Managing dependency risks with SCA

Overview

Learning objectives

Key topics

Target audience

Prerequisites