How to detect the Dependency-Check vulnerabilities on SonarQube?


I'm trying to run Dependency-Check on SonarQube through Jenkins using the Dependency-Check plugin. I'm able to generate the report, but it's not showing on SonarQube in the vulnerability section; it says 0 vulnerabilities. I also installed the Dependency-Check plugin on the SonarQube server. It is able to show the report on the dashboard if I pass the path of the dependency check. But I need to show the vulnerability tab.

These are the actions in Jenkins, in the Post Steps section.

At Invoke Dependency-Check:

--project sample --scan target/*.war --format HTML

At Execute SonarQube Scanner, the sonar.properties analysis:

sonar.projectKey=test
sonar.projectName=test1
sonar.projectVersion=1.0
sonar.sources=.
sonar.language=java 
sonar.java.binaries=target/*
sonar.dependencyCheck.htmlReportPath=target/dependency-check-report.html

On the SonarQube dashboard all sections are good, like quality gateway, new bugs... but vulnerabilities shows zero. I have tried every way but no luck.


There are 1 best solutions below


You also need to add:
sonar.dependencyCheck.jsonReportPath=target/dependency-check-report.json
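
As an added example (not from the original post or the plugin's own code): a pre-scan check in Python that a Jenkins step could run before the SonarQube scanner. It confirms the property from the answer is set and that the JSON file actually exists (the command in the question only requests `--format HTML`), then counts findings by severity. The function names and the report layout `dependencies[].vulnerabilities[].severity` are assumptions of this example.

```python
import json
import tempfile
from collections import Counter
from pathlib import Path

JSON_KEY = "sonar.dependencyCheck.jsonReportPath"  # property named in the answer


def parse_properties(text):
    """Parse key=value lines of a sonar properties file, skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def preflight(properties_text, workspace):
    """Return (ok, message, severity_counts) for the configured JSON report."""
    path = parse_properties(properties_text).get(JSON_KEY)
    if not path:
        return False, f"{JSON_KEY} is not set", Counter()
    report = Path(workspace) / path
    if not report.is_file():
        return False, f"{report} missing: was the scan run with --format JSON?", Counter()
    try:
        data = json.loads(report.read_text(encoding="utf-8"))
    except json.JSONDecodeError as exc:
        return False, f"{report} is not valid JSON: {exc}", Counter()
    # Assumed report layout: dependencies[].vulnerabilities[].severity
    counts = Counter(
        str(vuln.get("severity", "UNKNOWN")).upper()
        for dep in data.get("dependencies") or []
        for vuln in dep.get("vulnerabilities") or []
    )
    return True, f"{sum(counts.values())} vulnerabilities in report", counts


if __name__ == "__main__":
    # Constructed sample: the answer's property plus a tiny fake report.
    props = f"sonar.projectKey=test\n{JSON_KEY}=target/dependency-check-report.json\n"
    sample = {"dependencies": [{"fileName": "b.jar"}, {"fileName": "a.jar",
              "vulnerabilities": [{"name": "CVE-PLACEHOLDER", "severity": "High"}]}]}
    with tempfile.TemporaryDirectory() as ws:
        print(preflight(props, ws))  # report not generated yet
        (Path(ws) / "target").mkdir()
        (Path(ws) / "target/dependency-check-report.json").write_text(json.dumps(sample))
        print(preflight(props, ws))
```

A report that passes this check with a non-zero count while SonarQube still shows 0 vulnerabilities points at the plugin or scanner configuration rather than at the Dependency-Check run.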