How to detect the depenency check vulnerabilities on sonarqube?

Question

I'm trying to run dependency check on sonarqube through jenkins using dependency check plugin. I'm able to generate report. but its not showing on sonarqube in vulnerability section. it says 0 vulnerabilities. I also installed dependency check plugin on sonarqube server. It is able to show the report on the dashboard if i pass the path of the dependency check. But i need to show vulnerability tab. Following actions as below in jenkins at Post Steps section at Invoke Dependency check --project sample --scan target/*.war --format HTML at Execute sonarqube scanner sonar.properties analysis

sonar.projectKey=test
sonar.projectName=test1
sonar.projectVersion=1.0
sonar.sources=.
sonar.language=java 
sonar.java.binaries=target/*
sonar.dependencyCheck.htmlReportPath=target/dependency-check-report.html

on sonarqube dashboard all sections good like quality gateway, new bugs... but vulnerabilities shows zero. i have tried all the way but no luck

Patryk Pilarski · Answer 1 · 2022-09-28T03:06:24.090

-1

You also need to add:
sonar.dependencyCheck.jsonReportPath=target/dependency-check-report.json

edited Sep 28 '22 at 03:06

answered Sep 28 '22 at 03:06

Patryk Pilarski

1
1

As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Oct 04 '22 at 07:11

How to detect the depenency check vulnerabilities on sonarqube?

1 Answers1