Dependency Check for SonarCloud

Sync Dependency Check information with your SonarCloud


Sync Dependency Check analysis with your SonarCloud

Want to import useful Dependency Check information into your SonarCloud instance?

bitegarden Dependency Check for SonarCloud is what you need.

Thanks to this bitegarden product you can convert the information recorded by Dependency Check and import it into SonarCloud.

Now you can have the complete analysis of your code in one place, centralizing the information and making it easier to develop high-quality, secure code.


Dependency Check for SonarCloud


Currently SonarCloud does not support the Dependency Check solution, so if you want to use it, the only option is SonarQube.

However, thanks to our bitegarden Dependency Check for SonarCloud you can use it in your SonarCloud instance. All you have to do is:

- Analyze your projects with Dependency Check as you have always done.

- Use our product to convert the report file that Dependency Check generates (JSON or XML) to the format required by SonarCloud.

- Import it to SonarCloud and check for vulnerabilities without leaving your instance.

The documentation linked below explains how to import vulnerabilities into your SonarCloud analysis by passing the generated file with the sonar.externalIssuesReportPaths parameter.

Access the documentation here.
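As an added illustration (not the bitegarden product's own code), the following Python script performs the same kind of conversion: it reads a constructed Dependency-Check JSON report and writes a file in SonarCloud's generic external-issues format, which is the format consumed by sonar.externalIssuesReportPaths. The severity mapping, the "dependency-check" engineId, the project file the issues are attached to, and the sample report contents are all assumptions made for this example.

```python
import json

# Constructed sample of a Dependency-Check JSON report (not a real scan;
# the CVE identifiers are obvious placeholders).
SAMPLE_REPORT = {
    "reportSchema": "1.1",
    "dependencies": [
        {
            "fileName": "example-lib-1.0.jar",
            "vulnerabilities": [
                {"name": "CVE-XXXX-0001", "severity": "CRITICAL",
                 "description": "Constructed placeholder finding."},
                {"name": "CVE-XXXX-0002", "severity": "low",
                 "description": "Constructed placeholder finding."},
            ],
        },
        {"fileName": "clean-lib-2.0.jar"},  # no "vulnerabilities" key at all
    ],
}

# Assumed mapping from Dependency-Check severities to SonarCloud severities.
SEVERITY_MAP = {"CRITICAL": "BLOCKER", "HIGH": "CRITICAL",
                "MEDIUM": "MAJOR", "MODERATE": "MAJOR", "LOW": "MINOR"}


def convert(report, project_file):
    """Build the generic external-issues structure SonarCloud imports.

    Every finding becomes a VULNERABILITY anchored on project_file, since
    Dependency-Check reports name jars, not source files in the project.
    """
    issues = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulnerabilities") or []:
            sev = SEVERITY_MAP.get(str(vuln.get("severity", "")).upper(), "INFO")
            issues.append({
                "engineId": "dependency-check",      # assumed engine name
                "ruleId": vuln["name"],              # one rule per CVE id
                "severity": sev,
                "type": "VULNERABILITY",
                "primaryLocation": {
                    "message": f"{vuln['name']} in {dep.get('fileName', '?')}: "
                               f"{vuln.get('description', '')}",
                    "filePath": project_file,
                },
            })
    return {"issues": issues}


def write_report(report, project_file, output):
    """Write <output>.json; the returned path is what sonar.externalIssuesReportPaths takes."""
    path = f"{output}.json"
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(convert(report, project_file), fh, indent=2)
    return path


if __name__ == "__main__":
    print(write_report(SAMPLE_REPORT, "pom.xml", "sonar-dependency-check"))
```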


First steps

bitegarden Dependency Check for SonarCloud™ requires Java 8 or higher.

Quick Guide: generate a file with the vulnerabilities of a Dependency Check report for your SonarCloud™ project

Once you’ve downloaded the product, you will have an executable "jar" file.

Simply place it in your file system and run the jar with the "--help" option to see all available options:

java -jar bitegarden-dependency-check-for-sonarcloud.jar --help

The result should show you all available options:


bitegarden Dependency Check for SonarCloud (1.0). Copyright (C) 2024 bitegarden. All rights reserved.
Loading properties from command line (-Dname=value)... if found, it will override configuration file properties
No configuration found.
bitegarden Dependency Check for SonarCloud. Command Line usage:

java -Dconfig.file=PATH_TO_CONFIG_FILE -Dlicense.file=PATH_TO_LICENSE_FILE ... -jar bitegarden-dependency-check-for-sonarcloud-1.0.jar

  config.file = path to properties file including all the parameters required to generate the reports. 
                This is optional. You can set all the properties through command line args using -DpropertyName=propertyValue
                Note that if you use a config file and command line arguments, arguments will override config file
  license.file = path to file with your license key provided by bitegarden.
                  By default a 14 days trial version will be used if license file is not provided

Mandatory properties:

        dependency.check.file = path to Dependency-Check file. Compatible formats (JSON and XML)
        sonar.organizationKey = your organization key used to create license.
Optional properties:

        vulnerabilities.file.path = path to project file to add new vulnerabilities in SonarCloud
        output = File name for the generated report (Without .json extension)


All properties can be provided through the command line as system properties using "-D" or through a custom configuration file.

If you use a custom configuration file, you must run the application with the "-Dconfig.file" argument providing the path to your properties file:

java -Dconfig.file=PATH_TO_CONFIG_FILE -jar bitegarden-dependency-check-for-sonarcloud.jar

If you prefer you can pass all options through the command line with "-D":

java -Ddependency.check.file=vulnerabilities.json -Dsonar.organizationKey=bitegarden -jar bitegarden-dependency-check-for-sonarcloud.jar

If an option is defined in both places (in the configuration file and as a command line argument), the value provided on the command line is used. This way you can keep a common configuration file with shared properties (such as sonar.organizationKey) and use command line arguments only for run-specific options such as "dependency.check.file".

Using license key

By default, when you download the product you can use it for 14 days in evaluation mode. Once the evaluation period ends, you will need to purchase the product and obtain a valid license key. The license key is provided in a text file. To use it, set the "license.file" property to the path of the license file in your configuration file (or via a command line argument). The license is tied to your organization’s key. Here’s an example of generating a report with a product license passed as a command line argument:

java -Dlicense.file=PATH_TO_LICENSE_FILE -Ddependency.check.file=vulnerabilities.json -Dsonar.organizationKey=bitegarden -jar bitegarden-dependency-check-for-sonarcloud.jar

Support and troubleshooting

If you run into any problems, please open a support request on our support center and we will be happy to help you find a solution.


Get your Dependency Check for SonarCloud right now!

Free Trial

Evaluation license

  • 14 days evaluation license
  • After submitting the form, your download will start and will include an embedded trial key