Check vulnerabilities with Dependency Track for SonarQube Server

For developers who use SonarQube Server and Dependency-Track, switching between tools to review vulnerabilities can be a headache and a waste of time. Our Dependency Track for SonarQube plugin solves this problem by integrating both platforms, allowing you to check vulnerabilities directly from your SonarQube instance. In this article, we’ll show you what you can do with this plugin and how it will help you save time in your daily workflow.

What Does Dependency Track for SonarQube Do?

Dependency Track for SonarQube lets you see the vulnerabilities Dependency-Track has reported for your project's dependencies without leaving SonarQube Server, saving time and improving efficiency.

In the image below, you can see the page the plugin adds to SonarQube. The first section is a card with a summary of the vulnerabilities and the affected components of a specific project, along with the project's Risk Score as computed by Dependency-Track.

Dependency Track for SonarQube Card

Next, you’ll find a card with a detailed list of vulnerabilities sorted by their severity level: critical, high, medium, low, and unassigned.

Vulnerability list in Dependency Track for SonarQube

Benefits of Dependency Track for SonarQube

Here’s a list of benefits developers get when working with this product:

  • Efficiency: review dependency vulnerabilities directly in the SonarQube interface, without switching tabs.

  • Proactive security: vulnerabilities in your dependencies appear alongside your other SonarQube findings, so they can be triaged before they escalate.

  • Scalability: the list is grouped by severity, which keeps it readable for projects with many dependencies.

  • Easy setup: point the plugin at your Dependency-Track server and supply an API key.

Frequently Asked Questions

1. What versions of SonarQube are compatible?
It works with both the LTS (long-term support) and current SonarQube Server releases. Check the official documentation for the exact supported versions.

2. Do I need my own Dependency-Track instance?
Yes, the plugin connects to your Dependency-Track server using an API key. Create that key for a dedicated team with read-only permissions (in Dependency-Track, VIEW_PORTFOLIO and VIEW_VULNERABILITY are what reading projects and findings requires; confirm the list for your server version) rather than reusing an administrator's key, since the key will live in the SonarQube configuration.

3. Is the plugin free?
It offers a 14-day free trial. A full license costs €600 per year.
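The FAQ says the plugin connects to your Dependency-Track server with an API key, and the card and list described earlier are built from what that server returns. The script below is an added example, not bitegarden's plugin code: it fetches a project's findings from Dependency-Track's REST API (assumed endpoint GET /api/v1/finding/project/{uuid}, authenticated with the X-Api-Key header) and reproduces the same summary offline on a constructed findings list: counts per severity, affected components, a risk score using the weights from Dependency-Track's inherited risk score definition (an assumption to verify against your server's documentation), and the findings ordered critical, high, medium, low, unassigned. The component names alpha-lib, beta-lib, gamma-lib, delta-lib and the EX-n vulnerability ids are constructed for the example.

```python
"""Rebuild the plugin's summary card from Dependency-Track findings.

Added example, not bitegarden's plugin code. Assumes the Dependency-Track
v4 REST API: GET /api/v1/finding/project/{uuid} with an X-Api-Key header.
"""
import json
import urllib.request

# Order used by the plugin's list: critical, high, medium, low, unassigned.
SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "UNASSIGNED"]

# Assumption: weights of Dependency-Track's inherited risk score.
# Verify against the documentation of the Dependency-Track version you run.
RISK_WEIGHTS = {"CRITICAL": 10, "HIGH": 5, "MEDIUM": 3, "LOW": 1, "UNASSIGNED": 5}


def fetch_findings(base_url: str, project_uuid: str, api_key: str) -> list:
    """GET a project's findings from a live server (network call; not run offline)."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v1/finding/project/{project_uuid}",
        headers={"X-Api-Key": api_key, "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def severity_of(finding: dict) -> str:
    """Severity of a finding, normalised to SEVERITY_ORDER; missing -> UNASSIGNED."""
    sev = (finding.get("vulnerability", {}).get("severity") or "UNASSIGNED").upper()
    return sev if sev in SEVERITY_ORDER else "UNASSIGNED"


def summarize(findings: list) -> dict:
    """Counts per severity, affected components and risk score (the summary card)."""
    counts = {sev: 0 for sev in SEVERITY_ORDER}
    components = set()
    for finding in findings:
        # Suppressed findings (accepted risk, false positives) do not count.
        if finding.get("analysis", {}).get("isSuppressed"):
            continue
        counts[severity_of(finding)] += 1
        comp = finding.get("component", {})
        components.add(f"{comp.get('name')}:{comp.get('version')}")
    score = sum(counts[sev] * RISK_WEIGHTS[sev] for sev in SEVERITY_ORDER)
    return {"counts": counts, "components": sorted(components), "risk_score": score}


def sorted_by_severity(findings: list) -> list:
    """Order findings critical, high, medium, low, unassigned (the detail list)."""
    rank = {sev: i for i, sev in enumerate(SEVERITY_ORDER)}
    return sorted(findings, key=lambda f: rank[severity_of(f)])


# Constructed sample in the shape of the findings endpoint's response.
SAMPLE_FINDINGS = [
    {"component": {"name": "gamma-lib", "version": "0.9"},
     "vulnerability": {"vulnId": "EX-1", "severity": "LOW"},
     "analysis": {"isSuppressed": False}},
    {"component": {"name": "delta-lib", "version": "4.0"},
     "vulnerability": {"vulnId": "EX-2"},  # no severity -> unassigned
     "analysis": {"isSuppressed": False}},
    {"component": {"name": "beta-lib", "version": "2.3"},
     "vulnerability": {"vulnId": "EX-3", "severity": "HIGH"},
     "analysis": {"isSuppressed": False}},
    {"component": {"name": "alpha-lib", "version": "1.0"},
     "vulnerability": {"vulnId": "EX-4", "severity": "CRITICAL"},
     "analysis": {"isSuppressed": False}},
    {"component": {"name": "beta-lib", "version": "2.3"},
     "vulnerability": {"vulnId": "EX-5", "severity": "HIGH"},
     "analysis": {"isSuppressed": True}},  # suppressed: excluded from the card
]

if __name__ == "__main__":
    card = summarize(SAMPLE_FINDINGS)
    print(json.dumps(card, indent=2))
    for finding in sorted_by_severity(SAMPLE_FINDINGS):
        print(severity_of(finding), finding["vulnerability"]["vulnId"],
              finding["component"]["name"])
```

To run it against a live server, call fetch_findings with your base URL, the project UUID and a read-only API key and pass the result to summarize; comparing the counts and score with what the plugin's card shows for the same project is a quick cross-check that the integration is reading the project you think it is.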

Managing vulnerabilities and dependencies is key to maintaining your software’s security and quality. With Dependency Track for SonarQube™, you can centralize all this information within your SonarQube instance, avoiding the need to switch between tools and gaining a clear, visual view of your project’s risks.

You can download and install this plugin in your instance through this link.


bitegarden team

Helping companies to develop better software
