Need updated version to use with Sonarqube 6.0 about dependency-check-sonar-plugin HOT 9 CLOSED

Not surprised it doesn't work in 6 considering it just came out and there are many things being refactored. Try using the plugin in the latest LTS release, currently 5.6.1. It should work flawlessly.

I'll need to investigate why the plugin doesn't work in 6 and wait for 6.1 or 6.2 to be released why we're waiting for things to stabilize. Same thing happened with the jump to 5. I'm sure other plugin authors are facing similar issues as well.

from dependency-check-sonar-plugin.

Hello,
I haven't been able to test the plugin yet, but please, is there any prediction about compatibility with Sonar 6.0?

Thanks!

from dependency-check-sonar-plugin.

SonarSource is in the middle of major refactoring which is typical of their non-LTS releases. The dashboard functionality has been removed from Sonar but it's replacement has not yet been implemented. So there's nothing we can do at the moment and every plugin that utilizes custom widgets is affected, not just this project. As soon as an 6.x LTS release is available, we'l publish a version of the plugin compatible with that branch. But for the time being, things are changing too much and 6.x doesn't have the necessary functionality to support this and many other plugins.

from dependency-check-sonar-plugin.

Hey Steve, thanks for responding! I understand that you only want to target LTS-Versions since SonarSource is still refactoring like crazy. Still, the 6.x version has a lot to offer, so I ported the plugin to the new version until you get to do the "official" update :-)

I did send you a pull request with the required changes, but fully understand if you won't merge it, since there are a lot of changes in there - the plugin hasn't been touched for a while and sonar requires lot's of minor changes to even get the build back up running with the latest sonarsource-parent.

I tested this with sonarqube 6.2. If anyone else want's to give it a try, here is a binary:

https://github.com/gtudan/dependency-check-sonar-plugin/releases/download/1.1.0/sonar-dependency-check-plugin-1.1.0-SNAPSHOT.jar

from dependency-check-sonar-plugin.

Thanks for providing a 1.1.0-SNAPSHOT.

Tried to fix it myself for sonarqube 6.1, pethers@d9f52db but didn't get any report.

Will test https://github.com/gtudan/dependency-check-sonar-plugin/releases/download/1.1.0/sonar-dependency-check-plugin-1.1.0-SNAPSHOT.jar with Sonarqube 6.1 .

from dependency-check-sonar-plugin.

@gtudan Thanks for the PR. SQ 6.3 is suppose to contain the replacement for customer dashboards and widgets, so the PR comes at a good time considering 6.3 is nearly complete. I will likely not merge it into master but rather a dev branch which will be unstable until 6.x LTS is released. Although I have not tried the RC versions of 6.3, the way it was described seems to be highly disappointing since the metrics will now be on their own page completely independent from aggregate data. Hopefully I'm wrong. We shall see.

https://groups.google.com/forum/#!searchin/sonarqube/dashboard%7Csort:relevance/sonarqube/Ir1sE6OVW40/UhilWd_CAQAJ

from dependency-check-sonar-plugin.

@gtutan your snapshot worked on sonarqube 6.1 , runs on https://www.hack23.com/sonar/ .

from dependency-check-sonar-plugin.

@pethers Great, nice to see it's working!

@stevespringett yeah, I followed the discussion there. Custom dashboards seem to be very important for many of the sonar users and it's a shame Sonarsource just dropped them without any replacement in sight. I'm not sure what they have in mind for 6.3 but the announcement doesn't sound like it's going to be a drop in replacement.

That said, I don't think this is a dealbreaker for the dependency-check-plugin. I'm quiet fine with the plugin just creating the issues. The measures are still there and it's pretty easy to incorporate them in a 3rd party dashboard like dashing through the API.

from dependency-check-sonar-plugin.

Closing issue. A binary version of the plugin compatible with 6.3 and higher will be pushed out in the next day or two.

from dependency-check-sonar-plugin.