Comments (7)
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days.
from dependency-check-sonar-plugin.
The following change may help you. #765
However, the PR requires a rebase and must of course be transferred in your source code copy. You will then have to build and install the plugin manually yourself.
from dependency-check-sonar-plugin.
I'm experiencing the same problem also with sonar-dependency-check-plugin-5.0.0 on SonarQube Community Edition 10.3 (build 82913). The report opens in a new tab, but the buttons still don't work, as SonarQube is serving a response header with CSP `script-src 'self'`, so inline scripts are blocked. I tried that with Firefox, Chrome and Opera. They all block it (the message can be seen in the developer console).
from dependency-check-sonar-plugin.
> I'm experiencing the same problem also with sonar-dependency-check-plugin-5.0.0 on sonarqube Community Edition 10.3 (build 82913). The report opens in new tab, but buttons still don't work as sonarqube is serving response header with CSP script-src 'self' so inline scripts are blocked. I tried that with Firefox, Chrome and Opera. They all block it (message can be seen in developer console).

Same for us, issue persists in new tab.
from dependency-check-sonar-plugin.
There is not much I can do here, the whole display of the HTML report is very hacky.
from dependency-check-sonar-plugin.
> There is not much I can do here, the whole display of the HTML report is very hacky.

See the 10.0 release notes about changes to security: https://docs.sonarsource.com/sonarqube/latest/setup-and-upgrade/release-upgrade-notes/#release-10.0-upgrade-notes
And this page with help regarding pages: https://docs.sonarsource.com/sonarqube/latest/extension-guide/developing-a-plugin/adding-pages-to-the-webapp/
It might help you?
from dependency-check-sonar-plugin.
Unfortunately not, because the complete HTML file with inline script comes from dependency-check.
from dependency-check-sonar-plugin.
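To see which parts of an HTML report a `script-src 'self'` policy stops from running, the following added example (not part of the thread and not code from the plugin or from dependency-check) lists inline scripts, inline event handlers and `javascript:` URLs in a document. The sample report, the class name `InlineScriptAudit` and the function `audit` are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample, not taken from a real dependency-check report.
SAMPLE_REPORT = """<html><head>
<script src="report.js"></script>
<script>function toggle(id) { /* ... */ }</script>
<script type="application/json">{"k": 1}</script>
</head><body>
<button onclick="toggle('vulns')">Show</button>
<a href="javascript:toggle('deps')">Expand</a>
<a href="https://example.invalid/">link</a>
</body></html>"""

# Data-block script types are never executed, so CSP does not apply to them.
# The list is deliberately short; other non-JavaScript types get flagged.
DATA_TYPES = ("application/json", "application/ld+json")


class InlineScriptAudit(HTMLParser):
    """Collect constructs that `script-src 'self'` (without 'unsafe-inline',
    a nonce or a hash) prevents the browser from executing."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line, kind, detail)

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        attrs = {k: (v or "") for k, v in attrs}
        if tag == "script" and "src" not in attrs:
            if attrs.get("type", "").strip().lower() not in DATA_TYPES:
                self.findings.append((line, "inline-script", "<script>"))
        for name, value in attrs.items():
            if name.startswith("on"):  # onclick, onload, ...
                self.findings.append((line, "event-handler", name))
            elif name in ("href", "src", "action") and \
                    value.strip().lower().startswith("javascript:"):
                self.findings.append((line, "javascript-url", name))


def audit(html_text):
    parser = InlineScriptAudit()
    parser.feed(html_text)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for line, kind, detail in audit(SAMPLE_REPORT):
        print(f"line {line}: {kind} ({detail}) blocked by script-src 'self'")
```

Every finding corresponds to a CSP violation message in the browser's developer console; a report with no findings only depends on script files that the policy allows to load.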