Comments (7)
I took the latest changes from the Master Branch (sonar-dependency-check-plugin-5.0.0-SNAPSHOT.jar) and this is what I get after rebooting sonarqube:
2024.01.01 00:11:11 WARN web[][o.s.c.a.AnnotationConfigApplicationContext] Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException:
Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@5ffd2b27-org.sonar.server.qualityprofile.RegisterQualityProfiles':
Initialization of bean failed; nested exception is BadRequestException{errors=
[Rule was removed: OWASP:UsingComponentWithKnownVulnerabilitySecurityHotspot]}
2024.01.01 00:11:11 ERROR web[][o.s.s.p.Platform] Background initialization failed.
Stopping SonarQube org.springframework.beans.factory.BeanCreationException:
Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@5ffd2b27-org.sonar.server.qualityprofile.RegisterQualityProfiles': Initialization of bean failed;
nested exception is BadRequestException{errors=[Rule was removed: OWASP:UsingComponentWithKnownVulnerabilitySecurityHotspot]}
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:628)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:542)
at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:955)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:920)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:583)
at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:200)
at org.sonar.server.platform.platformlevel.PlatformLevel.start(PlatformLevel.java:80)
at org.sonar.server.platform.platformlevel.PlatformLevelStartup.access$001(PlatformLevelStartup.java:58)
at org.sonar.server.platform.platformlevel.PlatformLevelStartup$1.doPrivileged(PlatformLevelStartup.java:134)
at org.sonar.server.user.DoPrivileged.execute(DoPrivileged.java:46)
at org.sonar.server.platform.platformlevel.PlatformLevelStartup.start(PlatformLevelStartup.java:131)
at org.sonar.server.platform.PlatformImpl.executeStartupTasks(PlatformImpl.java:201)
at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.runIfNotAborted(PlatformImpl.java:362)
at org.sonar.server.platform.PlatformImpl$1.doRun(PlatformImpl.java:116)
at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.run(PlatformImpl.java:346)
at java.base/java.lang.Thread.run(Thread.java:840)
Caused by: org.sonar.server.exceptions.BadRequestException: Rule was removed: OWASP:UsingComponentWithKnownVulnerabilitySecurityHotspot
at org.sonar.server.exceptions.BadRequestException.create(BadRequestException.java:65)
at org.sonar.server.exceptions.BadRequestException.create(BadRequestException.java:59)
at org.sonar.server.exceptions.BadRequestException.checkRequest(BadRequestException.java:44)
at org.sonar.server.qualityprofile.builtin.RuleActivator.doActivateRecursively(RuleActivator.java:99)
at org.sonar.server.qualityprofile.builtin.RuleActivator.activate(RuleActivator.java:94)
at org.sonar.server.qualityprofile.builtin.RuleActivator.lambda$activate$0(RuleActivator.java:87)
at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1625)
at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:575)
at java.base/java.util.stream.AbstractPipeline.evaluateToArrayNode(AbstractPipeline.java:260)
at java.base/java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:616)
at java.base/java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:622)
at java.base/java.util.stream.ReferencePipeline.toList(ReferencePipeline.java:627)
at org.sonar.server.qualityprofile.builtin.RuleActivator.activate(RuleActivator.java:89)
at org.sonar.server.qualityprofile.builtin.BuiltInQProfileUpdateImpl.update(BuiltInQProfileUpdateImpl.java:77)
at org.sonar.server.qualityprofile.RegisterQualityProfiles.update(RegisterQualityProfiles.java:006)
at org.sonar.server.qualityprofile.RegisterQualityProfiles.lambda$start$1(RegisterQualityProfiles.java:104)
at java.base/java.lang.Iterable.forEach(Iterable.java:75)
at org.sonar.server.qualityprofile.RegisterQualityProfiles.start(RegisterQualityProfiles.java:99)
at org.sonar.core.platform.StartableBeanPostProcessor.postProcessBeforeInitialization(StartableBeanPostProcessor.java:33)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:440)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1796)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:620)
... 19 common frames omitted
2024.01.01 00:11:12 INFO web[][o.s.p.ProcessEntryPoint] Hard stopping process
2024.01.01 00:11:12 INFO web[][o.s.s.e.CoreExtensionStopper] Stopping Governance
2024.01.01 00:11:12 INFO web[][o.s.s.e.CoreExtensionStopper] Stopping Governance (done) | time=1ms
2024.01.01 00:11:12 INFO web[][o.s.s.n.NotificationDaemon] Notification service stopped
2024.01.01 00:11:12 INFO web[][c.z.h.HikariDataSource] HikariPool-1 - Shutdown initiated...
2024.01.01 00:11:12 INFO web[][c.z.h.HikariDataSource] HikariPool-1 - Shutdown completed.
==> /opt/sonarqube/logs/sonar.log <==
2024.01.01 00:11:12 INFO app[][o.s.a.SchedulerImpl] Process[Web Server] is stopped
==> /opt/sonarqube/logs/nohup.log <==
2024.01.01 00:11:12 INFO app[][o.s.a.SchedulerImpl] Process[Web Server] is stopped
==> /opt/sonarqube/logs/es.log <==
2024.01.01 00:11:12 INFO es[][o.e.n.Node] stopping ...
2024.01.01 00:11:12 INFO es[][o.e.c.f.AbstractFileWatchingService] shutting down watcher thread
2024.01.01 00:11:12 INFO es[][o.e.c.f.AbstractFileWatchingService] watcher service stopped
2024.01.01 00:11:12 INFO es[][o.e.n.Node] stopped
2024.01.01 00:11:12 INFO es[][o.e.n.Node] closing ...
2024.01.01 00:11:12 INFO es[][o.e.n.Node] closed
==> /opt/sonarqube/logs/sonar.log <==
2024.01.01 00:11:12 INFO app[][o.s.a.SchedulerImpl] Process[ElasticSearch] is stopped
2024.01.01 00:11:12 WARN app[][o.s.a.p.AbstractManagedProcess] Process exited with exit value [ElasticSearch]: 001
==> /opt/sonarqube/logs/nohup.log <==
2024.01.01 00:11:12 INFO app[][o.s.a.SchedulerImpl] Process[ElasticSearch] is stopped
==> /opt/sonarqube/logs/sonar.log <==
2024.01.01 00:11:12 INFO app[][o.s.a.SchedulerImpl] SonarQube is stopped
==> /opt/sonarqube/logs/nohup.log <==
2024.01.01 00:11:12 WARN app[][o.s.a.p.AbstractManagedProcess] Process exited with exit value [ElasticSearch]: 001
2024.01.01 00:11:12 INFO app[][o.s.a.SchedulerImpl] SonarQube is stopped
from dependency-check-sonar-plugin.
Current behavior
This plugin only references deprecated severity levels.
Versions (please complete the following information):
sonarqube 10.3.0.82913
dependency-check-sonar-plugin 4.0.0
I would like to underline this report. I have discovered the same issue. Blocker, Critical and Major issue severity findings are mapped to the newly introduced software qualities impact severity "Medium" in Sonar 10. As requested by Blir, it would help a lot to have a configuration in place which reflects the new software qualities impact severity (High, Medium, Low).
Hi @Reamer, this is happening after the security hotspot rule was removed. Does this need reinstating or does something else need to change?
I have not yet tried this myself. I also don't know how to remove Rules. Maybe you have to mark them as deprecated first. Is there still the feature of security hotspots in SonarQube 10.2?
Yes, so I've created a PR to reinstate it (the original change was just to remove a deprecated method on the rule).
I have just released 5.0.0. With the new version and the help of @NIGCH, the error should no longer occur.