Comments (9)
Not surprised it doesn't work in 6 considering it just came out and there are many things being refactored. Try using the plugin in the latest LTS release, currently 5.6.1. It should work flawlessly.
I'll need to investigate why the plugin doesn't work in 6 and wait for 6.1 or 6.2 to be released while we're waiting for things to stabilize. Same thing happened with the jump to 5. I'm sure other plugin authors are facing similar issues as well.
from dependency-check-sonar-plugin.
Hello,
I haven't been able to test the plugin yet, but please, is there any prediction about compatibility with Sonar 6.0?
Thanks!
from dependency-check-sonar-plugin.
SonarSource is in the middle of major refactoring which is typical of their non-LTS releases. The dashboard functionality has been removed from Sonar but its replacement has not yet been implemented. So there's nothing we can do at the moment and every plugin that utilizes custom widgets is affected, not just this project. As soon as a 6.x LTS release is available, we'll publish a version of the plugin compatible with that branch. But for the time being, things are changing too much and 6.x doesn't have the necessary functionality to support this and many other plugins.
from dependency-check-sonar-plugin.
Hey Steve, thanks for responding! I understand that you only want to target LTS-Versions since SonarSource is still refactoring like crazy. Still, the 6.x version has a lot to offer, so I ported the plugin to the new version until you get to do the "official" update :-)
I did send you a pull request with the required changes, but fully understand if you won't merge it, since there are a lot of changes in there - the plugin hasn't been touched for a while and sonar requires lots of minor changes to even get the build back up running with the latest sonarsource-parent.
I tested this with sonarqube 6.2. If anyone else wants to give it a try, here is a binary:
from dependency-check-sonar-plugin.
Thanks for providing a 1.1.0-SNAPSHOT.
Tried to fix it myself for sonarqube 6.1, pethers@d9f52db but didn't get any report.
Will test https://github.com/gtudan/dependency-check-sonar-plugin/releases/download/1.1.0/sonar-dependency-check-plugin-1.1.0-SNAPSHOT.jar with Sonarqube 6.1.
from dependency-check-sonar-plugin.
@gtudan Thanks for the PR. SQ 6.3 is supposed to contain the replacement for customer dashboards and widgets, so the PR comes at a good time considering 6.3 is nearly complete. I will likely not merge it into master but rather a dev branch which will be unstable until 6.x LTS is released. Although I have not tried the RC versions of 6.3, the way it was described seems to be highly disappointing since the metrics will now be on their own page completely independent from aggregate data. Hopefully I'm wrong. We shall see.
from dependency-check-sonar-plugin.
@gtudan your snapshot worked on sonarqube 6.1, runs on https://www.hack23.com/sonar/ .
from dependency-check-sonar-plugin.
@pethers Great, nice to see it's working!
@stevespringett yeah, I followed the discussion there. Custom dashboards seem to be very important for many of the sonar users and it's a shame Sonarsource just dropped them without any replacement in sight. I'm not sure what they have in mind for 6.3 but the announcement doesn't sound like it's going to be a drop-in replacement.
That said, I don't think this is a dealbreaker for the dependency-check-plugin. I'm quite fine with the plugin just creating the issues. The measures are still there and it's pretty easy to incorporate them in a 3rd party dashboard like dashing through the API.
from dependency-check-sonar-plugin.
Closing issue. A binary version of the plugin compatible with 6.3 and higher will be pushed out in the next day or two.
from dependency-check-sonar-plugin.