boranx
commented
7 years ago +1
Closed san-slysz closed 3 years ago
boranx
commented
7 years ago +1
stevespringett
commented
7 years ago The plugin hasn't been updated for 6.x yet. It was forked from the Dependency-Check plugin for SQ5. The Dependency-Check plugin has been updated for SQ6, but this plugin as not. There are a lot of API changes between the two versions. There's also a drastic reduction in usability in SQ6 for plugins like ZAP and DC that do not relate findings to individual source files.
I'm hoping SonarSource addresses these issues, but it will mean even more API changes if they do.
san-slysz
commented
7 years ago Do you plan on adapting ZAP based on the Dependency-Check plugin, or do you wait for Sonar to address some of this plugin perimeter reduction (if they plan to, which is not sure) first? I saw the same issue on the PERL plugin. Some deprecated API were removed, APIs still hugely used by plugins, leading to several lack of compliance between 6.3-6.4 and the sonar plugin world :|.
san-slysz
commented
7 years ago @stevespringett ?
stevespringett
commented
7 years ago Now that an updated version of the Dependency-Check SonarQube plugin has been released that supports SQ 6.3 and higher, the ZAP plugin should be updated in much the same manner.
I will not likely have time to do this until H1 2018 as I'm fully invested in other projects at the moment. PRs are always welcome ;-)
NiklasMehner
commented
7 years ago I have create pull request https://github.com/stevespringett/zap-sonar-plugin/pull/9 for this issue.
san-slysz
commented
7 years ago @stevespringett @NiklasMehner I'm gonna try that asap and let you know. @NiklasMehner thank you very much for your time and that PR.
OtherDevOpsGene
commented
3 years ago Now works with SonarQube 8.x
Hi,
Context:
sonar:sonar -Dsonar.host.url=<MySonarURL>as stated in the sonar documentationBy default my POM as no mention of sonar nor zap. I tried adding some configuration like FranciscoSan did in https://github.com/stevespringett/zap-sonar-plugin/issues/6 but did not obtain any better result 😞. The 6.4 version of sonarQbe does not offer dashboards thus I can't try adding any widget to it as a check.
I'm new to this plugin, and to sonar overall, so consider telling me to do basic dumb checks, it may be that.
My Logs Overall:
"C:\Program Files\Java\jdk1.8.0_131\bin\java" -Dmaven.multiModuleProjectDirectory=<myProject LocalDirectory> "-Dmaven.home=C:\Program Files\JetBrains\IntelliJ IDEA Community Edition 2017.1.3\plugins\maven\lib\maven3" "-Dclassworlds.conf=C:\Program Files\JetBrains\IntelliJ IDEA Community Edition 2017.1.3\plugins\maven\lib\maven3\bin\m2.conf" "-javaagent:C:\Program Files\JetBrains\IntelliJ IDEA Community Edition 2017.1.3\lib\idea_rt.jar=62655:C:\Program Files\JetBrains\IntelliJ IDEA Community Edition 2017.1.3\bin" -Dfile.encoding=UTF-8 -classpath "C:\Program Files\JetBrains\IntelliJ IDEA Community Edition 2017.1.3\plugins\maven\lib\maven3\boot\plexus-classworlds-2.5.2.jar" org.codehaus.classworlds.Launcher -Didea.version=2017.1.4 sonar:sonar -Dsonar.host.url=<MySonarURL>[INFO] Scanning for projects...[INFO][INFO] ------------------------------------------------------------------------[INFO] Building Engagement - UI testing 0.0.1-SNAPSHOT[INFO] ------------------------------------------------------------------------[INFO][INFO] --- sonar-maven-plugin:3.3.0.603:sonar (default-cli) @ <Project> ---[INFO] User cache: C:\Users\<me>\.sonar\cache[INFO] Load global settings[INFO] Load global settings (done) | time=218ms[INFO] User cache: C:\Users\<me>\.sonar\cache[INFO] Load plugins index[INFO] Load plugins index (done) | time=9ms[INFO] SonarQube version: 6.4.0[INFO] Default locale: "fr_FR", source code encoding: "UTF-8"[INFO] Process project properties[INFO] Load project repositories[INFO] Load project repositories (done) | time=42ms[INFO] Execute project builders[INFO] Execute project builders (done) | time=0ms[INFO] Load quality profiles[INFO] Load quality profiles (done) | time=22ms[INFO] Load active rules[INFO] Load active rules (done) | time=210ms[INFO] Load metrics repository[INFO] Load metrics repository (done) | time=174ms[WARNING] SCM provider autodetection failed. No SCM provider claims to support this project. Please use sonar.scm.provider to define SCM of your project.[INFO] Publish mode[INFO] Project key: <myProjectKey>[INFO] ------------- Scan <myProject>[INFO] Load server rules[INFO] Load server rules (done) | time=38ms[INFO] Initializer GenericCoverageSensor[INFO] Initializer GenericCoverageSensor (done) | time=0ms[INFO] Base dir: <myProject LocalDirectory>[INFO] Working dir: <myProject LocalDirectory>\target\sonar[INFO] Source encoding: UTF-8, default locale: fr_FR[INFO] Index files[INFO] 102 files indexed[INFO] Quality profile for java: Sonar way[INFO] Sensor JavaSquidSensor [java][INFO] Configured Java source version (sonar.java.source): 7[INFO] JavaClasspath initialization[INFO] JavaClasspath initialization (done) | time=15ms[INFO] JavaTestClasspath initialization[INFO] JavaTestClasspath initialization (done) | time=7ms[INFO] Java Main Files AST scan[INFO] 102 source files to be analyzed[INFO] 102/102 source files have been analyzed[INFO] Java Main Files AST scan (done) | time=10903ms[INFO] Java Test Files AST scan[INFO] 0 source files to be analyzed[INFO] Java Test Files AST scan (done) | time=5ms[INFO] Sensor JavaSquidSensor [java] (done) | time=11721ms[INFO] Sensor Analyzer for "php.ini" files [php][INFO] 0/0 source files have been analyzed[INFO] Sensor Analyzer for "php.ini" files [php] (done) | time=4ms[INFO] Sensor SurefireSensor [java][INFO] parsing [<myProject LocalDirectory>\target\surefire-reports][INFO] Sensor SurefireSensor [java] (done) | time=3ms[INFO] Sensor JaCoCoSensor [java][INFO] Sensor JaCoCoSensor [java] (done) | time=1ms[INFO] Sensor SonarJavaXmlFileSensor [java][INFO] Sensor SonarJavaXmlFileSensor [java] (done) | time=1ms[INFO] Sensor Zero Coverage Sensor[INFO] Sensor Zero Coverage Sensor (done) | time=114ms[INFO] Sensor CPD Block Indexer[INFO] Sensor CPD Block Indexer (done) | time=254ms[INFO] No SCM system was detected. You can use the 'sonar.scm.provider' property to explicitly specify it.[INFO] 6 files had no CPD blocks[INFO] Calculating CPD for 96 files[INFO] CPD calculation finished[INFO] Analysis report generated in 2031ms, dir size=826 KB[INFO] Analysis reports compressed in 402ms, zip size=373 KB[INFO] Analysis report uploaded in 244ms[INFO] ANALYSIS SUCCESSFUL, you can browse <MyProjectUnderSonarURL>[INFO] Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report[INFO] Task total time: 17.260 s[INFO] ------------------------------------------------------------------------[INFO] BUILD SUCCESS[INFO] ------------------------------------------------------------------------[INFO] Total time: 23.498 s[INFO] Finished at: 2017-07-11T15:56:11+02:00[INFO] Final Memory: 26M/595M[INFO] ------------------------------------------------------------------------Process finished with exit code 0Is this plugin 6.4 compliant ? Did I miss something obvious like a basic ocnfiguration ? What checks/troubleshooting can I make ? Thanks for your time, San.