Comments (6)
The widget needs to be removed. SQ 6 no longer supports them. Clicking on 'Vulnerabilities' will display DC results and there will be a Dependency-Check option on the menu to display the DC HTML report (if you've specified it).
from dependency-check-sonar-plugin.
Is this error occurring when you try to view the embedded report on the custom page? Have you specified both parameters telling the plugin where to find the XML and HTML versions of the report? i.e.
sonar.dependencyCheck.reportPath=${WORKSPACE}/dependency-check-report.xml
sonar.dependencyCheck.htmlReportPath=${WORKSPACE}/dependency-check-report.html
and that both reports are being generated, by specifying --format ALL when the dependency check scan is run?
from dependency-check-sonar-plugin.
Thanks for the responses. I'll take a look at both suggestions when I get back to my station.
from dependency-check-sonar-plugin.
So I have confirmed that the report path parameters are both set correctly to the Jenkins workspace root, and that the Jenkins job is generating both the XML and HTML reports. Following @stevespringett's instructions I clicked on 'Vulnerabilities' and I see 2 places where the 'OWASP-Dependency-Check' option is shown.
The first, in the 'More' dropdown, displays an empty page. The second, as shown in the 'Measures' tab, has values of '0' for every category.
from dependency-check-sonar-plugin.
So it sounds like the report is getting generated, but for whatever reason is not getting found and picked up by the plugin.
When the file can't be found the plugin should log out a debug message "Analysis aborted due to missing report file". Can you check the Jenkins build logs for something like this?
from dependency-check-sonar-plugin.
@NickHarvey2 You were correct, I did see that in the logs, and it helped me realize the reportpath did not need the ${WORKSPACE} environment variable since I placed the sonar-project.properties file and generated reports all in the workspace root folder. Once I removed the variable and re-ran the job, all is well. Thank you both for your assistance.
from dependency-check-sonar-plugin.
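A pre-flight check for the failure worked through in this thread, as an added example that is not part of the original comments or of the plugin: it reads the two report path properties from sonar-project.properties, flags values that still contain a literal `${...}` placeholder, and confirms each report file exists and is non-empty. The function names and the rule that relative paths resolve against the properties file's directory are assumptions matching the setup described above; the sample workspace is constructed.

```shell
# check_dc_report_paths PROPS_FILE
# Prints one status line per property; the return code is the number of problems.
check_dc_report_paths() {
  dc_props=$1
  dc_problems=0
  # Assumption: relative paths resolve against the properties file's directory.
  dc_base=$(cd "$(dirname "$dc_props")" && pwd)
  for dc_key in sonar.dependencyCheck.reportPath sonar.dependencyCheck.htmlReportPath; do
    dc_pat=$(printf '%s' "$dc_key" | sed 's/\./\\./g')
    # Value of the last "key=value" line for this key, trailing blanks trimmed.
    dc_val=$(sed -n "s/^[[:space:]]*${dc_pat}[[:space:]]*=[[:space:]]*//p" "$dc_props" |
             sed 's/[[:space:]]*$//' | tail -n 1)
    case $dc_val in
      '')     echo "UNSET    $dc_key"
              dc_problems=$((dc_problems + 1)); continue ;;
      *'${'*) echo "LITERAL  $dc_key=$dc_val (placeholder present; confirm it gets expanded)"
              dc_problems=$((dc_problems + 1)); continue ;;
      /*)     dc_path=$dc_val ;;
      *)      dc_path=$dc_base/$dc_val ;;
    esac
    if [ -s "$dc_path" ]; then
      echo "OK       $dc_key -> $dc_path"
    else
      echo "NOFILE   $dc_key -> $dc_path (missing or empty)"
      dc_problems=$((dc_problems + 1))
    fi
  done
  return "$dc_problems"
}

# Constructed sample: a temp workspace holding both reports and a properties
# file written in the given style ("variable" or "relative"). Prints its path.
make_sample_workspace() {
  ws=$(mktemp -d)
  echo '<analysis/>' > "$ws/dependency-check-report.xml"
  echo '<html></html>' > "$ws/dependency-check-report.html"
  if [ "$1" = variable ]; then prefix='${WORKSPACE}/'; else prefix=''; fi
  {
    echo "sonar.dependencyCheck.reportPath=${prefix}dependency-check-report.xml"
    echo "sonar.dependencyCheck.htmlReportPath=${prefix}dependency-check-report.html"
  } > "$ws/sonar-project.properties"
  echo "$ws/sonar-project.properties"
}
```

Run as a build step after the dependency-check scan and before the Sonar analysis, so a zero-vulnerability dashboard caused by an unread report fails the job instead of passing silently.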