Light

Support for Sonar 10.2 Software Quality Severities about dependency-check-sonar-plugin HOT 7 CLOSED

Blir commented on July 1, 2024 4

Support for Sonar 10.2 Software Quality Severities

from dependency-check-sonar-plugin.

Comments (7)

readonlyuser1 commented on July 1, 2024 1

I took the latest changes from the Master Branch (sonar-dependency-check-plugin-5.0.0-SNAPSHOT.jar) and this is what I get after rebooting sonarqube

2024.01.01 00:11:11 WARN  web[][o.s.c.a.AnnotationConfigApplicationContext] Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: 
Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@5ffd2b27-org.sonar.server.qualityprofile.RegisterQualityProfiles': 
Initialization of bean failed; nested exception is BadRequestException{errors=
[Rule was removed: OWASP:UsingComponentWithKnownVulnerabilitySecurityHotspot]}

2024.01.01 00:11:11 ERROR web[][o.s.s.p.Platform] Background initialization failed. 
Stopping SonarQube org.springframework.beans.factory.BeanCreationException: 
Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@5ffd2b27-org.sonar.server.qualityprofile.RegisterQualityProfiles': Initialization of bean failed; 
nested exception is BadRequestException{errors=[Rule was removed: OWASP:UsingComponentWithKnownVulnerabilitySecurityHotspot]}
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:628)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:542)
        at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:955)
        at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:920)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:583)
        at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:200)
        at org.sonar.server.platform.platformlevel.PlatformLevel.start(PlatformLevel.java:80)
        at org.sonar.server.platform.platformlevel.PlatformLevelStartup.access$001(PlatformLevelStartup.java:58)
        at org.sonar.server.platform.platformlevel.PlatformLevelStartup$1.doPrivileged(PlatformLevelStartup.java:134)
        at org.sonar.server.user.DoPrivileged.execute(DoPrivileged.java:46)
        at org.sonar.server.platform.platformlevel.PlatformLevelStartup.start(PlatformLevelStartup.java:131)
        at org.sonar.server.platform.PlatformImpl.executeStartupTasks(PlatformImpl.java:201)
        at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.runIfNotAborted(PlatformImpl.java:362)
        at org.sonar.server.platform.PlatformImpl$1.doRun(PlatformImpl.java:116)
        at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.run(PlatformImpl.java:346)
        at java.base/java.lang.Thread.run(Thread.java:840)
Caused by: org.sonar.server.exceptions.BadRequestException: Rule was removed: OWASP:UsingComponentWithKnownVulnerabilitySecurityHotspot
        at org.sonar.server.exceptions.BadRequestException.create(BadRequestException.java:65)
        at org.sonar.server.exceptions.BadRequestException.create(BadRequestException.java:59)
        at org.sonar.server.exceptions.BadRequestException.checkRequest(BadRequestException.java:44)
        at org.sonar.server.qualityprofile.builtin.RuleActivator.doActivateRecursively(RuleActivator.java:99)
        at org.sonar.server.qualityprofile.builtin.RuleActivator.activate(RuleActivator.java:94)
        at org.sonar.server.qualityprofile.builtin.RuleActivator.lambda$activate$0(RuleActivator.java:87)
        at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
        at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1625)
        at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
        at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
        at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:575)
        at java.base/java.util.stream.AbstractPipeline.evaluateToArrayNode(AbstractPipeline.java:260)
        at java.base/java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:616)
        at java.base/java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:622)
        at java.base/java.util.stream.ReferencePipeline.toList(ReferencePipeline.java:627)
        at org.sonar.server.qualityprofile.builtin.RuleActivator.activate(RuleActivator.java:89)
        at org.sonar.server.qualityprofile.builtin.BuiltInQProfileUpdateImpl.update(BuiltInQProfileUpdateImpl.java:77)
        at org.sonar.server.qualityprofile.RegisterQualityProfiles.update(RegisterQualityProfiles.java:006)
        at org.sonar.server.qualityprofile.RegisterQualityProfiles.lambda$start$1(RegisterQualityProfiles.java:104)
        at java.base/java.lang.Iterable.forEach(Iterable.java:75)
        at org.sonar.server.qualityprofile.RegisterQualityProfiles.start(RegisterQualityProfiles.java:99)
        at org.sonar.core.platform.StartableBeanPostProcessor.postProcessBeforeInitialization(StartableBeanPostProcessor.java:33)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanF                       actory.java:440)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1796)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:620)
        ... 19 common frames omitted
2024.01.01 00:11:12 INFO  web[][o.s.p.ProcessEntryPoint] Hard stopping process
2024.01.01 00:11:12 INFO  web[][o.s.s.e.CoreExtensionStopper] Stopping Governance
2024.01.01 00:11:12 INFO  web[][o.s.s.e.CoreExtensionStopper] Stopping Governance (done) | time=1ms
2024.01.01 00:11:12 INFO  web[][o.s.s.n.NotificationDaemon] Notification service stopped
2024.01.01 00:11:12 INFO  web[][c.z.h.HikariDataSource] HikariPool-1 - Shutdown initiated...
2024.01.01 00:11:12 INFO  web[][c.z.h.HikariDataSource] HikariPool-1 - Shutdown completed.

==> /opt/sonarqube/logs/sonar.log <==
2024.01.01 00:11:12 INFO  app[][o.s.a.SchedulerImpl] Process[Web Server] is stopped

==> /opt/sonarqube/logs/nohup.log <==
2024.01.01 00:11:12 INFO  app[][o.s.a.SchedulerImpl] Process[Web Server] is stopped

==> /opt/sonarqube/logs/es.log <==
2024.01.01 00:11:12 INFO  es[][o.e.n.Node] stopping ...
2024.01.01 00:11:12 INFO  es[][o.e.c.f.AbstractFileWatchingService] shutting down watcher thread
2024.01.01 00:11:12 INFO  es[][o.e.c.f.AbstractFileWatchingService] watcher service stopped
2024.01.01 00:11:12 INFO  es[][o.e.n.Node] stopped
2024.01.01 00:11:12 INFO  es[][o.e.n.Node] closing ...
2024.01.01 00:11:12 INFO  es[][o.e.n.Node] closed

==> /opt/sonarqube/logs/sonar.log <==
2024.01.01 00:11:12 INFO  app[][o.s.a.SchedulerImpl] Process[ElasticSearch] is stopped
2024.01.01 00:11:12 WARN  app[][o.s.a.p.AbstractManagedProcess] Process exited with exit value [ElasticSearch]: 001

==> /opt/sonarqube/logs/nohup.log <==
2024.01.01 00:11:12 INFO  app[][o.s.a.SchedulerImpl] Process[ElasticSearch] is stopped

==> /opt/sonarqube/logs/sonar.log <==
2024.01.01 00:11:12 INFO  app[][o.s.a.SchedulerImpl] SonarQube is stopped

==> /opt/sonarqube/logs/nohup.log <==
2024.01.01 00:11:12 WARN  app[][o.s.a.p.AbstractManagedProcess] Process exited with exit value [ElasticSearch]: 001
2024.01.01 00:11:12 INFO  app[][o.s.a.SchedulerImpl] SonarQube is stopped

from dependency-check-sonar-plugin.

readonlyuser1 commented on July 1, 2024

Current behavior
This plugin only references deprecated severity levels.

Versions (please complete the following information):
sonarqube 10.3.0.82913
dependency-check-sonar-plugin 4.0.0

from dependency-check-sonar-plugin.

thomassui commented on July 1, 2024

I would like to underline this report. I have discovered the same issue. The mapping of Blocker, Critical and Major issue severity findings are mapped on the newly introduced software qualities impact severity "Medium" in Sonar 10. As requested by Blir it would help a lot to have a configuration in place which reflects the new software qualities impact severity (High, Medium, Low).

from dependency-check-sonar-plugin.

NIGCH commented on July 1, 2024

Hi @Reamer, this is happening after the security hotspot rule was removed. Does this need reinstating or does something else need to change?

from dependency-check-sonar-plugin.

Reamer commented on July 1, 2024

I have not yet tried this myself. I also don't know how to remove Rules. Maybe you have to mark them as deprecated first. Is there still the feature of security hotspots in SonarQube 10.2?

from dependency-check-sonar-plugin.

NIGCH commented on July 1, 2024

Yes, so I've created a PR to reinstate it (the original change was just to remove a deprecated method on the rule).

from dependency-check-sonar-plugin.

Reamer commented on July 1, 2024

I have just released 5.0.0. With the new version and the help of @NIGCH , the error should no longer occur.

from dependency-check-sonar-plugin.

Related Issues (20)

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.