Sreekanth Chityala

Reputation: 57

How to detect the dependency check vulnerabilities on SonarQube?

I'm trying to run dependency check on SonarQube through Jenkins using the dependency check plugin. I'm able to generate the report, but it's not showing on SonarQube in the vulnerability section; it says 0 vulnerabilities. I also installed the dependency check plugin on the SonarQube server. It is able to show the report on the dashboard if I pass the path of the dependency check. But I need to show the vulnerability tab. The actions in Jenkins, in the Post Steps section, are as below.

At Invoke Dependency check:

--project sample --scan target/*.war --format HTML

At Execute SonarQube Scanner, the sonar.properties analysis:

sonar.projectKey=test
sonar.projectName=test1
sonar.projectVersion=1.0
sonar.sources=.
sonar.language=java 
sonar.java.binaries=target/*
sonar.dependencyCheck.htmlReportPath=target/dependency-check-report.html

On the SonarQube dashboard all sections are good, like quality gateway, new bugs... but vulnerabilities shows zero. I have tried everything but no luck.

Upvotes: 2

Views: 1139

Answers (1)

Patryk Pilarski

Reputation: 1

You also need to add:
sonar.dependencyCheck.jsonReportPath=target/dependency-check-report.json

Upvotes: -1
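
A pre-flight check that could run in the Jenkins job between the Dependency-Check step and the scanner step, added here as an example and not part of the original thread: it verifies that every `sonar.dependencyCheck.*ReportPath` in the analysis properties points to a file that exists in the workspace, and counts the findings in the JSON report by severity. The function names and sample data are hypothetical, and it assumes the Dependency-Check JSON layout `dependencies[].vulnerabilities[].severity`; note that the scan in the question writes only `--format HTML`, so a JSON path would be reported as missing.

```python
import json
import tempfile
from collections import Counter
from pathlib import Path

PREFIX = "sonar.dependencyCheck."

def report_paths(properties_text):
    """Return {key: path} for every sonar.dependencyCheck.*ReportPath line."""
    paths = {}
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.startswith(PREFIX) and key.endswith("ReportPath"):
            paths[key] = value
    return paths

def preflight(properties_text, workspace):
    """Check that each configured report exists; count findings in the JSON one."""
    result = {"missing": [], "severities": Counter()}
    for key, rel in report_paths(properties_text).items():
        report = Path(workspace) / rel
        if not report.is_file():
            result["missing"].append(key)  # scanner would have nothing to import
        elif key == PREFIX + "jsonReportPath":
            data = json.loads(report.read_text(encoding="utf-8"))
            for dep in data.get("dependencies", []):
                for vuln in dep.get("vulnerabilities", []):
                    result["severities"][str(vuln.get("severity", "UNKNOWN")).upper()] += 1
    return result

def demo(formats):
    # Constructed sample: the two property lines from the thread and a minimal report.
    props = ("sonar.dependencyCheck.htmlReportPath=target/dependency-check-report.html\n"
             "sonar.dependencyCheck.jsonReportPath=target/dependency-check-report.json\n")
    vulns = [{"name": "EXAMPLE-0001", "severity": "HIGH"},
             {"name": "EXAMPLE-0002", "severity": "medium"}]
    sample = {"dependencies": [{"fileName": "example-lib.jar", "vulnerabilities": vulns},
                               {"fileName": "clean-lib.jar"}]}
    with tempfile.TemporaryDirectory() as ws:
        target = Path(ws, "target")
        target.mkdir()
        for fmt in formats:  # simulate which report formats the scan step wrote
            body = json.dumps(sample) if fmt == "json" else "<html></html>"
            (target / f"dependency-check-report.{fmt}").write_text(body, encoding="utf-8")
        return preflight(props, ws)
```

Failing the build when `missing` is non-empty, or when the severity counts are all zero for a project known to have vulnerable dependencies, surfaces the problem before the SonarQube dashboard shows a misleading zero.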
