Comments (7)
Which version of SonarQube are you using? I have two categories and the issues are displayed in both. I am currently using the latest SonarQube LTS version.
from dependency-check-sonar-plugin.
@mansing2 Could it be that this was your first time using DependencyCheck 8.x for your analysis on Jenkins? (The Jenkins plugin is a wrapper that can run different versions of the DependencyCheck CLI.) See #748
I'm having the same problem: after upgrading the Maven dep-check plugin from 7.1.1 to 8.4.0, the vulnerabilities disappeared from the project issue section in SonarQube.
We run the report generation with this line:
mvn org.owasp:dependency-check-maven:8.4.0:check -Dformats=xml,html,json
After this, the reports can be found under the target/ folder, but comparing the 8.4 and 7.1.1 versions shows some diffs in the XML format.
This is our SonarQube version.
Community Edition, Version 8.9.10 (build 61524)
We updated the SonarQube plugin from version 3.0.1 to 3.1.0 but it doesn't work.
@gusriobr That would then be something for an issue at https://github.com/dependency-check/dependency-check-sonar-plugin/issues
DependencyCheck's responsibility stops at the creation of the report files. How the information in those reports (which indeed changed a bit in format) is put into the SonarQube issue registration is decided upon in the SonarQube plugin project (and may potentially be constrained by internal changes within SonarQube). The issue linked before indicates that the plugin has been updated to support the new format with their MR 758, but maybe there have been other changes too.
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days.
This issue was closed because it has been stalled for 14 days with no activity.
8.9.10
I have also the same problem but solved it upgrading dependency-check-sonar-plugin to version 3.1.0.
#748 (comment)