Send Report from build Pipeline to sonarqube

[jheinath]

How do i configure the Extension to send the Reports to my Sonarqube instance that is running the dependency-check Plugin?

[ejohn20]

My understanding is this:

1) Use the Azure DevOps extension to generate the XML / JSON results format and archive those results

2)Use either option to send the report to Sonar for processing:

• Push option: Using a post build task in the Azure DevOps pipeline, invoke the Sonar API to push those results to the Sonar instance
• Pull option: Use a job on your Sonar instance to pull the report from the Azure DevOps API.

@jeremylong might be able to confirm. I have not used the Sonar integration personally.

[rouke-broersma]

@ejohn20 To upload the report, you have to add a property with the report path on the sonarqube scan settings. It looks something like this:

• task: Setup sonarqube scan (with dependency check report path option set)
• task: build app
• task: test app
• task: owasp depenceny check
• task: Complete sonarqube scan (and upload all reports including owasp)

In order to setup sonarqube to pick up the report, you need to know the location the report will be saved on in the owasp dependency check task.

[jheinath]

Thanks for clarification! Question answered.