Comments (10)
Reamer
commented on September 28, 2024
xmlReportPath is deprecated and removed.
Security Hotspot Feature is deprecated as well.
from dependency-check-sonar-plugin.
arturkasperek
commented on September 28, 2024
@Reamer hm - can I somehow integrate deps scan audit with sq native issues?
from dependency-check-sonar-plugin.
Erry91
commented on September 28, 2024
I am also interested in how to make vulnerabilities detections reported in the dependency-check scan appear in either "Issues" or "Security Hotspots"
from dependency-check-sonar-plugin.
Reamer
commented on September 28, 2024
@Reamer hm - can I somehow integrate deps scan audit with sq native issues?
Try deactivating the security hotspot feature.
from dependency-check-sonar-plugin.
mutzbraten
commented on September 28, 2024
xmlReportPathis deprecated and removed. Security Hotspot Feature is deprecated as well.
Where do I find documentation about the deprecation of security hotspot feature?
Is there any alternative suggested?
Does this mean, the bug will not be fixed?
from dependency-check-sonar-plugin.
Reamer
commented on September 28, 2024
Where do I find documentation about the deprecation of security hotspot feature?
I think here: https://docs.sonarsource.com/sonarqube/latest/user-guide/security-hotspots/
Issue types (bug, vulnerability, and code smell) are deprecated
Generally speaking, I can no longer mark a rule as a security hotspot in the source code. I think therefore I can not fix this bug.
from dependency-check-sonar-plugin.
Reamer
commented on September 28, 2024
Checkout SonarSource/sonar-plugin-api@6785fea for more
from dependency-check-sonar-plugin.
arturkasperek
commented on September 28, 2024
@Reamer is there a way to integrate deps audit results on some native sonarqube view?
Right now this plugin only enables to display HTML with results. Im using sq 10.4 (in previous version it worked fine and integrated)
from dependency-check-sonar-plugin.
Reamer
commented on September 28, 2024
This could be possible. However, I am not a frontend developer and therefore cannot implement this requirement.
from dependency-check-sonar-plugin.
arturkasperek
commented on September 28, 2024
@Reamer, I don't have frontend tweaks on my mind.
Sonarqube has a native solution to register custom issues. I think with the old SQ version, issues from dependency check step were correctly registered - right now I don't see anymore any issues
from dependency-check-sonar-plugin.
Related Issues (20)
- Update dependency-check-maven 9.0.X breaks Sonarqube Vulnerabilities report / JSON-Analysis aborted HOT 9
- NVD Api key config missing HOT 1
- SonarQube (Enterprise EditionVersion 10.3 --build 82913) Content Security Policy blocking the plugin resource HOT 7
- Html report break sonar UI
- Issue with Documentation for 10.2+ HOT 1
- Add "DownloadOnlyWhenRequired" to packaging HOT 2
- Update 5.0.0 Release Notes to Clarify SonarQube Version Compatibility HOT 2
- Pnpm vulnerabilities are not shown in sonarqube HOT 5
- [SonarQube] : Quality gates missing settings HOT 3
- Sonar dependency check multi project setup HOT 2
- Release 5.0 not compatible with SonarQube 9.9 LTA HOT 1
- Dependency-Check JSON report does not exists. JSON-Analysis skipped/aborted due to missing report file HOT 3
- Integration with SonarCloud HOT 3
- Not Flagging Hotspots Since Friday. HOT 5
- Dynamic parts of dependency report when opened from SonarQube not working HOT 4
- high_severity_vulns\u0027 does not exist HOT 3
- Report content is not deplyed within SonarQube HOT 1
- Critical CVEs only get C rating instead of E HOT 1
- SecurityHotspots don't work with the dotnet multi csproj example
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dependency-check-sonar-plugin.