
Comments (6)

stevespringett commented on August 18, 2024

The widget needs to be removed. SQ 6 no longer supports them. Clicking on 'Vulnerabilities' will display DC results and there will be a Dependency-Check option on the menu to display the DC HTML report (if you've specified it).

from dependency-check-sonar-plugin.

NickHarvey2 commented on August 18, 2024

Is this error occurring when you try to view the embedded report on the custom page? Have you specified both parameters telling the plugin where to find the xml and html versions of the report? i.e.
sonar.dependencyCheck.reportPath=${WORKSPACE}/dependency-check-report.xml
sonar.dependencyCheck.htmlReportPath=${WORKSPACE}/dependency-check-report.html
and that both reports are being generated, by specifying --format ALL when the dependency check scan is run?


davyrod commented on August 18, 2024

Thanks for the responses. I'll take a look at both suggestions when I get back to my station.


davyrod commented on August 18, 2024

So I have confirmed that report path parameters are both set correctly to the Jenkins workspace root, and that the Jenkins job is generating both the XML and HTML reports. Following @stevespringett's instructions I clicked on 'Vulnerabilities' and I see 2 places where the 'OWASP-Dependency-Check' option is shown.

The first in the 'More' dropdown displays an empty page. The second as shown in the 'Measures' tab has values of '0' for every category.


NickHarvey2 commented on August 18, 2024

So it sounds like the report is getting generated, but for whatever reason is not getting found and picked up by the plugin.

When the file can't be found the plugin should log out a debug message "Analysis aborted due to missing report file". Can you check the Jenkins build logs for something like this?


davyrod commented on August 18, 2024

@NickHarvey2 You were correct, I did see that in the logs, and it helped me realize the reportpath did not need the ${WORKSPACE} environment variable since I placed the sonar-project.properties file and generated reports all in the workspace root folder. Once I removed the variable and re-ran the job, all is well. Thank you both for your assistance.

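The failure mode in this thread, where a report path that does not resolve leaves the dashboard showing 0 for every category, can be caught before the scanner runs. The shell check below is an added example, not part of the original thread or the plugin; the function names are hypothetical, and it assumes property values are read literally and that relative paths resolve from the directory holding sonar-project.properties.

```shell
#!/bin/sh
# Added example: pre-flight check for the Dependency-Check report paths.
# check_dc_reports PROPS_FILE returns 0 only if both configured reports
# exist and are non-empty. Function names and messages are illustrative.
# Usage in a build step: check_dc_reports sonar-project.properties || exit 1

# Print the value of KEY ($1) from a .properties file ($2); last one wins.
prop_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" \
        | tr -d '\r' | tail -n 1
}

check_dc_reports() {
    props=$1
    base=$(dirname "$props")   # assumption: relative paths resolve from here
    rc=0
    for key in sonar.dependencyCheck.reportPath \
               sonar.dependencyCheck.htmlReportPath; do
        val=$(prop_value "$key" "$props")
        if [ -z "$val" ]; then
            echo "MISSING  $key is not set in $props" >&2
            rc=1; continue
        fi
        case $val in
            *'${'*) # assumption: the value is read literally, never expanded
                echo "LITERAL  $key has an unexpanded placeholder: $val" >&2
                rc=1; continue ;;
        esac
        case $val in
            /*) path=$val ;;          # absolute path, use as given
            *)  path=$base/$val ;;    # relative path, anchor at the project root
        esac
        if [ ! -s "$path" ]; then
            echo "NOFILE   $key -> $path is missing or empty" >&2
            rc=1
        else
            echo "OK       $key -> $path"
        fi
    done
    return $rc
}
```

Failing the build on a non-zero result turns a silent "no vulnerabilities" dashboard into a visible pipeline error.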
