Allow it to be turned on/off through the Sonar GUI about dependency-check-sonar-plugin HOT 3 CLOSED

What aspect do you want enabled/disabled. Currently, if a dependency-check report was not specified during an analysis, the portlet will not show up on the dashboard.

from dependency-check-sonar-plugin.

Sorry, to be clearer with the problem.
We use Maven as our build system. We have a top level POM that all projects use as their parent project. This project defines the following tags (relevant fragments below):

<sonar.dependencyCheck.reportPath>target/dependency-check/dependency-check-report.xml</sonar.dependencyCheck.reportPath>
<dependency.check.report.dir>target/dependency-check</dependency.check.report.dir>

OWASP

false





org.owasp
dependency-check-maven

8
true
ALL
${dependency.check.report.dir}




aggregate

Some projects are currently built without the -P OWASP profile active and therefore aren't generating the dependency file. However when they try to publish into Sonar with your plugin active they get the following error:

[ERROR] Failed to execute goal org.codehaus.mojo:sonar-maven-plugin:2.5:sonar (default-cli) on project ao: Dependency-Check report does not exist. Please check property sonar.dependencyCheck.reportPath: target/dependency-check/dependency-check-report.xml -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.codehaus.mojo:sonar-maven-plugin:2.5:sonar (default-cli) on project ao: Dependency-Check report does not exist. Please check property sonar.dependencyCheck.reportPath: target/dependency-check/dependency-check-report.xml
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:216)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:307)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:193)
at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:106)
at org.apache.maven.cli.MavenCli.execute(MavenCli.java:862)
at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:286)
at org.apache.maven.cli.MavenCli.main(MavenCli.java:197)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)
Caused by: org.apache.maven.plugin.MojoExecutionException: Dependency-Check report does not exist. Please check property sonar.dependencyCheck.reportPath: target/dependency-check/dependency-check-report.xml
at org.codehaus.mojo.sonar.bootstrap.ExceptionHandling.handle(ExceptionHandling.java:41)
at org.codehaus.mojo.sonar.bootstrap.RunnerBootstraper.execute(RunnerBootstraper.java:139)
at org.codehaus.mojo.sonar.SonarMojo.execute(SonarMojo.java:138)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:208)
... 20 more
Caused by: Dependency-Check report does not exist. Please check property sonar.dependencyCheck.reportPath: target/dependency-check/dependency-check-report.xml

and the build fails.

I would like either to be able to turn off your sonar plugin per project in Sonar so that it doesn't generate this error or generate a warning but allow the build to continue if that file doesn't exist?

from dependency-check-sonar-plugin.

Hi Steve,

Would it be possible to release 1.0.2 with this fixed?

Thanks

Matt

from dependency-check-sonar-plugin.