OtherDevOpsGene / zap-sonar-plugin

Integrates OWASP Zed Attack Proxy reports into SonarQube
GNU General Public License v3.0
67 stars 29 forks

Missing rules warning when integrating with Sonarqube #25

Closed nikhiljainonline closed 6 years ago

nikhiljainonline commented 6 years ago

Hi

I am getting a couple of warnings when the analysis is run by SonarQube. The warnings say that a couple of rules are missing. Can you please check whether these rules are included as part of the ZAP plugin for SonarQube?

2018-06-19T08:05:30.3397646Z ##[error]10:05:30.329 WARN: The rule ZAProxy:10027 doesn't exist.
2018-06-19T08:05:30.3406626Z ##[debug]Processed: ##vso[task.logissue type=error;]10:05:30.329 WARN: The rule ZAProxy:10027 doesn't exist.
2018-06-19T08:05:30.3407480Z 10:05:30.329 WARN: The rule ZAProxy:10027 doesn't exist.
2018-06-19T08:05:30.3520743Z ##[error]10:05:30.350 WARN: The rule ZAProxy:40029 doesn't exist.
2018-06-19T08:05:30.3521301Z ##[debug]Processed: ##vso[task.logissue type=error;]10:05:30.350 WARN: The rule ZAProxy:40029 doesn't exist.

Thanks Nikhil

thc202 commented 6 years ago

This could be merged into #21 (or the other into this one).

Note that you can add those rules already: https://github.com/Coveros/zap-sonar-plugin#plugin-configuration For reference #4.

OtherDevOpsGene commented 6 years ago

I see 10027 in there now. I do not see 40029.

I searched the zaproxy source, but couldn't find anything other than a mention that it is for the trace.xsd Scanner. No text, description, documentation, etc. Does anyone know where that comes from?

thc202 commented 6 years ago

Right, 10027 was added in #23. Raised a PR (#29) to add the other two rules.

The scanners (passive and active) are provided through add-ons; most of them are in the zap-extensions repo, but some are provided by 3rd parties which use their own repos. The best would be to generate the rules from the report (as the TODO indicates); for example, some of the scanners raise slightly different issues which the current rules file does not handle.
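Following up on thc202's suggestion to generate the rules from the report, here is an added example (not part of this issue thread and not zap-sonar-plugin's own code) that parses a ZAP XML report into SonarQube-style rule definitions and cross-checks them against the "doesn't exist" warnings quoted above. It assumes the OWASPZAPReport layout (site/alerts/alertitem with pluginid, name, riskcode, desc, solution), the generic SonarQube rules XML fields (key, name, description, severity, type, tag), and a riskcode-to-severity mapping; whether the plugin loads exactly that rules format is an assumption. The sample report and log are constructed, and the alert names are placeholders rather than the real text of plugins 10027 and 40029.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample report: alert names and texts are placeholders chosen for this
# example, not real ZAP scanner output. Only the XML layout is assumed to match ZAP's.
SAMPLE_REPORT = """<?xml version="1.0"?>
<OWASPZAPReport version="2.7.0" generated="Tue, 19 Jun 2018 08:05:30">
  <site name="http://app.example" host="app.example" port="80" ssl="false">
    <alerts>
      <alertitem>
        <pluginid>10027</pluginid>
        <alert>Placeholder alert A (low variant)</alert>
        <name>Placeholder alert A (low variant)</name>
        <riskcode>0</riskcode>
        <confidence>2</confidence>
        <desc>&lt;p&gt;Constructed description for plugin 10027.&lt;/p&gt;</desc>
        <solution>&lt;p&gt;Constructed remediation text.&lt;/p&gt;</solution>
      </alertitem>
      <alertitem>
        <pluginid>10027</pluginid>
        <alert>Placeholder alert A (medium variant)</alert>
        <name>Placeholder alert A (medium variant)</name>
        <riskcode>2</riskcode>
        <confidence>3</confidence>
        <desc></desc>
        <solution></solution>
      </alertitem>
      <alertitem>
        <pluginid>40029</pluginid>
        <alert>Placeholder alert B</alert>
        <name>Placeholder alert B</name>
        <riskcode>1</riskcode>
        <confidence>2</confidence>
        <desc>Constructed description for plugin 40029.</desc>
        <solution></solution>
      </alertitem>
    </alerts>
  </site>
</OWASPZAPReport>
"""

# Constructed log excerpt modelled on the scanner warnings quoted in the issue.
SAMPLE_LOG = """10:05:30.329 WARN: The rule ZAProxy:10027 doesn't exist.
10:05:30.329 WARN: The rule ZAProxy:10027 doesn't exist.
10:05:30.350 WARN: The rule ZAProxy:40029 doesn't exist.
"""

# Assumed mapping from ZAP riskcode to SonarQube severity; the plugin may use another.
RISK_TO_SEVERITY = {0: "INFO", 1: "MINOR", 2: "MAJOR", 3: "CRITICAL"}
MISSING_RULE_RE = re.compile(r"The rule ZAProxy:(\d+) doesn't exist")


def missing_rule_ids(log_text):
    """Ordered, de-duplicated plugin ids that SonarQube reported as unknown rules."""
    ids = []
    for match in MISSING_RULE_RE.finditer(log_text):
        if match.group(1) not in ids:
            ids.append(match.group(1))
    return ids


def rules_from_report(xml_text):
    """Collect one rule per pluginid from every alertitem in the report."""
    rules = {}
    for item in ET.fromstring(xml_text).iter("alertitem"):
        pid = (item.findtext("pluginid") or "").strip()
        if not pid.isdigit():
            continue
        risk = int((item.findtext("riskcode") or "0").strip() or 0)
        rule = rules.setdefault(pid, {"key": pid, "name": "", "risk": -1,
                                      "description": "", "solution": ""})
        # The same plugin id can appear more than once with slightly different text;
        # keep the highest risk seen and the first non-empty name/description/solution.
        if risk > rule["risk"]:
            rule["risk"] = risk
        for field, tags in (("name", ("name", "alert")), ("description", ("desc",)),
                            ("solution", ("solution",))):
            if not rule[field]:
                for tag in tags:
                    value = (item.findtext(tag) or "").strip()
                    if value:
                        rule[field] = value
                        break
    for rule in rules.values():
        rule["severity"] = RISK_TO_SEVERITY.get(rule["risk"], "INFO")
        rule["name"] = rule["name"] or f"ZAP plugin {rule['key']}"
    return rules


def build_rules_xml(rules):
    """Serialize rules as a SonarQube-style rules XML document (assumed field set)."""
    lines = ['<?xml version="1.0"?>', "<rules>"]
    for pid in sorted(rules, key=int):
        rule = rules[pid]
        body = rule["description"] or f"No description in the ZAP report for plugin {pid}."
        if rule["solution"]:
            body += f"\n\nSolution: {rule['solution']}"
        lines += ["  <rule>",
                  f"    <key>{escape(pid)}</key>",
                  f"    <name>{escape(rule['name'])}</name>",
                  f"    <description>{escape(body)}</description>",
                  f"    <severity>{rule['severity']}</severity>",
                  "    <type>VULNERABILITY</type>",
                  "    <tag>zap</tag>",
                  "  </rule>"]
    lines.append("</rules>")
    return "\n".join(lines) + "\n"


def unresolved_rule_ids(log_text, xml_text):
    """Ids SonarQube complained about that the report does not define either."""
    rules = rules_from_report(xml_text)
    return [pid for pid in missing_rule_ids(log_text) if pid not in rules]


if __name__ == "__main__":
    print(build_rules_xml(rules_from_report(SAMPLE_REPORT)))
    print("still unresolved:", unresolved_rule_ids(SAMPLE_LOG, SAMPLE_REPORT))
```

Running the script prints the generated rules document and an empty unresolved list, since both ids from the warnings appear in the constructed report; a plugin id that SonarQube warns about but that no report has ever raised would still be listed as unresolved, which is the case for a scanner whose text cannot be found in the zaproxy source.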