Integrates OWASP Dependency-Check reports into SonarQube
Dependency-Check is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies. It does this by collecting evidence (vendor, product and version strings from file names, manifests and package metadata) for each dependency and determining whether a Common Platform Enumeration (CPE) identifier matches it. If a match is found, it generates a report linking the dependency to the associated Common Vulnerabilities and Exposures (CVE) entries. Because the matching is evidence-based rather than exact, the results can contain both false positives and false negatives, so findings should be reviewed (and, where justified, suppressed) rather than accepted blindly. Dependency-Check supports the identification of project dependencies in a number of different languages including Java, .NET, and Python.
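To make the dependency -> CPE -> CVE chain concrete, the following is an added example (not code from this plugin or from Dependency-Check) that reads a Dependency-Check JSON report, tallies findings by severity, records the confidence of the CPE match that produced each finding, and applies a CVSS threshold the way a CI quality gate would. It is written in Python rather than the plugin's Java because it is a stand-alone report consumer. The field names (`dependencies`, `fileName`, `vulnerabilityIds`, `vulnerabilities`, `cvssv3.baseScore`, `cvssv2.score`) are assumed from the JSON report layout, and the embedded report is a constructed sample with placeholder CPEs and CVE identifiers, not a real scan.

```python
"""Summarise a Dependency-Check JSON report and apply a CVSS gate.

Added example, not part of the plugin. Field names follow the
dependency-check-report.json layout as understood by the author of this
snippet; the sample below is constructed and uses placeholder identifiers.
"""
import json

# Constructed sample report (placeholder vendors, products and CVE IDs).
SAMPLE_REPORT = json.dumps({
    "reportSchema": "1.1",
    "dependencies": [
        {   # CPE matched with high confidence, one critical CVE
            "fileName": "examplelib-core-1.2.3.jar",
            "vulnerabilityIds": [
                {"id": "cpe:2.3:a:example:examplelib:1.2.3:*:*:*:*:*:*:*",
                 "confidence": "HIGHEST"}
            ],
            "vulnerabilities": [
                {"name": "CVE-0000-0001", "severity": "CRITICAL",
                 "cvssv3": {"baseScore": 9.8}}
            ],
        },
        {   # no CPE identified at all: no findings, but also no assurance
            "fileName": "internal-utils-1.0.jar",
            "vulnerabilityIds": [],
            "vulnerabilities": [],
        },
        {   # low-confidence CPE match: the classic false-positive candidate
            "fileName": "oldthing-2.0.jar",
            "vulnerabilityIds": [
                {"id": "cpe:2.3:a:example:oldthing:2.0:*:*:*:*:*:*:*",
                 "confidence": "LOW"}
            ],
            "vulnerabilities": [
                {"name": "CVE-0000-0002", "severity": "MEDIUM",
                 "cvssv2": {"score": 5.0}}
            ],
        },
    ],
})


def score_of(vuln):
    """Return the best available CVSS base score, preferring v3 over v2."""
    v3 = vuln.get("cvssv3") or {}
    v2 = vuln.get("cvssv2") or {}
    if "baseScore" in v3:
        return float(v3["baseScore"])
    if "score" in v2:
        return float(v2["score"])
    return 0.0  # no score present: treat as unknown, not as safe


def summarize(report_text):
    """Parse a report and return counts plus a flat, score-sorted finding list."""
    report = json.loads(report_text)
    summary = {"dependencies": 0, "identified": 0, "vulnerable": 0,
               "by_severity": {}, "findings": []}
    for dep in report.get("dependencies", []):
        summary["dependencies"] += 1
        ids = dep.get("vulnerabilityIds") or []
        if ids:
            summary["identified"] += 1
        # Lowest confidence among the matched CPEs is what a reviewer
        # should look at first when judging a possible false positive.
        confidences = [i.get("confidence", "UNKNOWN") for i in ids]
        vulns = dep.get("vulnerabilities") or []
        if vulns:
            summary["vulnerable"] += 1
        for v in vulns:
            sev = (v.get("severity") or "UNKNOWN").upper()
            summary["by_severity"][sev] = summary["by_severity"].get(sev, 0) + 1
            summary["findings"].append({
                "file": dep.get("fileName"),
                "id": v.get("name"),
                "severity": sev,
                "score": score_of(v),
                "cpe_confidence": ",".join(confidences) or "NONE",
            })
    summary["findings"].sort(key=lambda f: f["score"], reverse=True)
    return summary


def gate(summary, max_score):
    """Findings at or above max_score; a non-empty list should fail the build."""
    return [f for f in summary["findings"] if f["score"] >= max_score]


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(json.dumps(s, indent=2))
    blocking = gate(s, 7.0)
    print("gate:", "FAIL" if blocking else "PASS", [f["id"] for f in blocking])
```

Running the script prints the summary and a FAIL verdict, since the constructed report carries one finding scored 9.8. The `cpe_confidence` field is kept on purpose: a MEDIUM finding attached to a LOW-confidence CPE match is the first thing to verify by hand before either fixing or suppressing it.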