OtherDevOpsGene / zap-sonar-plugin

Integrates OWASP Zed Attack Proxy reports into SonarQube
GNU General Public License v3.0

Problem with newer SonarQube versions #52

Closed dantemorius closed 3 years ago

dantemorius commented 4 years ago

Dear,

I have a problem, using the below scenario:

OWASP ZAP Scan Step: sh 'docker run --rm -v ${WORKSPACE}/zap/:/zap/wrk/:rw -t owasp/zap2docker-weekly zap-api-scan.py -t ${URL} -n ${JSON_FILE} -a -d -f openapi -x zaproxy-report.zap -r zaproxy-report.html -J zaproxy-report.json -I'

Archive Artifacts steps: archiveArtifacts '${WORKSPACE}/zaproxy-report.zap' (or .xml)

SONAR SCAN Step: sh 'docker run -v $(pwd):/usr/src/mymaven -w /usr/src/mymaven maven:3.3-jdk-8 mvn -s /usr/src/mymaven/settings.xml -DskipTests clean -f /usr/src/mymaven/$API-api/pom.xml package sonar:sonar -Dsonar.projectKey="${SONAR_NAME}-DAST" -Dsonar.projectName="${SONAR_NAME}-DAST" -Dsonar.zaproxy.reportPath="${WORKSPACE}/zaproxy-report.zap" -Dsonar.dependencyCheck.skip=true'

I have a first Quality Gate integrated with dependency-check in the same Pipeline, but this second one doesn't find the report. I tried almost all possibilities of folders =/

I also tried with XML format in all steps, so I tried to set a custom extension because I saw it working in another pipeline, but in an older SonarQube version, and using the Jenkins plugin, not a container running SonarQube with a newer version (which is my situation).

When I check the workspace (or set a sh 'ls -lah'), the report is there.

Any idea, plz?
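In the pipeline above the ZAP container writes into a mount of `${WORKSPACE}/zap/`, while the Maven/Sonar container mounts `$(pwd)` at `/usr/src/mymaven` and is handed a host path in `-Dsonar.zaproxy.reportPath`. The scanner runs inside that container, so the path it receives has to be valid there. The following helper (an added example, not code from zap-sonar-plugin or the reporter) translates a report path on the agent into the path seen inside a container with a given mount, and checks that the file is present and looks like a ZAP XML report before the `sonar:sonar` step is run; the function names and the sample paths are assumptions for illustration.

```shell
#!/bin/sh
# Added example: map an agent-side report path to its in-container path and
# sanity-check the report before invoking the Sonar scanner in a container.

# host_to_container_path HOST_PATH HOST_MOUNT CONTAINER_MOUNT
# Prints HOST_PATH as seen inside a container that mounts HOST_MOUNT at
# CONTAINER_MOUNT. Returns 1 if HOST_PATH is not under HOST_MOUNT, i.e. the
# scanner inside the container could never reach it.
host_to_container_path() {
  host_path=$1
  host_mount=${2%/}
  container_mount=${3%/}
  case "$host_path" in
    "$host_mount"/*)
      printf '%s/%s\n' "$container_mount" "${host_path#"$host_mount"/}"
      ;;
    *)
      return 1
      ;;
  esac
}

# check_zap_report PATH
# Returns 0 when PATH is a non-empty file whose first bytes look like the XML
# report ZAP writes with -x (an XML declaration or the OWASPZAPReport root
# element); returns 1 for a missing, empty, or non-XML file.
check_zap_report() {
  report=$1
  [ -s "$report" ] || return 1
  head -c 200 "$report" | grep -q -e '<?xml' -e '<OWASPZAPReport' || return 1
  return 0
}

# Demo, only when run on a Jenkins agent (WORKSPACE set): the ZAP step mounts
# ${WORKSPACE}/zap/ as /zap/wrk/, so the -x report lands in ${WORKSPACE}/zap/;
# the Maven container mounts the current directory at /usr/src/mymaven.
if [ -n "${WORKSPACE:-}" ]; then
  report="${WORKSPACE}/zap/zaproxy-report.zap"
  if check_zap_report "$report"; then
    in_container=$(host_to_container_path "$report" "$(pwd)" /usr/src/mymaven) \
      && echo "pass -Dsonar.zaproxy.reportPath=$in_container" \
      || echo "report is outside the directory mounted into the scanner container"
  else
    echo "no usable ZAP XML report at $report"
  fi
fi
```

Run it from the workspace directory before the Sonar step; if it reports the file as outside the mount, the scanner container cannot see it under the path being passed.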

OtherDevOpsGene commented 4 years ago

@dantemorius Please try with sonar-zap-plugin-2.0.2. I did a massive code cleanup to get rid of ignored and deprecated classes, and it looks like it is working on SonarQube 8.5 for me now.