Comments (4)
@jycr I have tried multiple times to get it listed, once when it was originally released when SQ was using the old Haus infrastructure, and again when using the new.
There are too many processes and rules that govern the creation and publishing of plugins. I will certainly not be asking a committee to vote every time I want to release a plugin. The whole process is nonsense and I do not want any part of it. As you can see, I have met all/most of their requirements already.
I am happy to write plugins for community consumption, but I expect the corporate entity that backs it to make it easy for the community to thrive. SonarSource does not do this.
Combined with the major API changes between LTS releases, they are lucky to have the little community they do. If 7.x also has major API changes that require plugins to be refactored, there will not be any future Dependency-Check SonarQube plugins from me.
from dependency-check-sonar-plugin.
I understand.
If you agree, I can do the "administrative steps" for you, and try to adapt the code to meet all the requirements.
Indeed, in our company, all needed plugins must come from the marketplace. We can't install plugins manually.
From my count, there are 23 plugins in the marketplace that are not developed by SonarSource or with the help of SonarSource. By comparison, there are 44 plugins recognized by SonarSource that are not included in the marketplace, including Dependency-Check. https://docs.sonarqube.org/display/PLUG/Other+Plugins
The ecosystem for community plugins not in the marketplace is larger than what's available in the marketplace. All available security-specific plugins are not available in the marketplace. This includes Checkmarx, Dependency-Check, ThreadFix, and ZAP.
There is no benefit to this project to include it.
@stevespringett any news on this?