Using SonarQube, can I get an alert when there is a CVE on a dependency?
I track software quality on SonarQube and I have read about the Dependency-Check integration. But it seems quite different from the Dependency-Track platform, where notifications can be triggered when a CVE affects a previous release.
Are CVE notifications on older releases available in SonarQube (with or without plugins)?