dependency-check / dependency-check-sonar-plugin

Integrates Dependency-Check reports into SonarQube

Dependency-check HTML report not displaying in SonarQube 8.1.0.31237 #194

Closed MMirabito closed 4 years ago

MMirabito commented 4 years ago

Describe the bug

Dear Support,

I am not sure if this is the right place to inquire about our problem so my apologies in advance for the post and its length. But I am hoping you can point me in the right direction.

Yesterday we updated to SonarQube 8.1.0.31237 from 8.0 and we noticed that the dependency-check HTML reports are not showing up on the SonarQube page anymore.

The Sonar dependency-check-sonar-plugin appears to be recognized by SonarQube because it looks like the CVE XML file is being processed for the project - see screenshots at the bottom of the post.

We are kind of stuck and we have run out of ideas.

To Reproduce

This is an on-prem implementation behind the firewall.

Current behavior

The Dependency HTML reports are not being displayed on the SonarQube portal.

Expected behavior

The HTML report should display on the page.

Screenshots

If applicable, add screenshots to help explain your problem.

Versions (please complete the following information):

Additional context

The XML and HTML reports are being generated and deposited in the build directory of the CI/CD server. We are using a sonar.properties file with the following content:

```properties
sonar.projectKey=XXX
sonar.projectName=XXX
sonar.projectVersion=1.0

sonar.sources=./src
sonar.java.binaries=./build/target/WebRoot/WEB-INF/classes
sonar.java.libraries=./build/target/WebRoot/WEB-INF/lib/*.jar,./build/lib/*.jar
sonar.dependencyCheck.reportPath=./build/dependency-check-report.xml
sonar.dependencyCheck.htmlReportPath=./build/dependency-check-report.html
sonar.dependencyCheck.severity.blocker=9.0
sonar.dependencyCheck.severity.critical=7.0
sonar.dependencyCheck.severity.major=4.0
sonar.dependencyCheck.severity.minor=0.0
sonar.sourceEncoding=UTF-8
```

The behavior is identical in Chrome, IE and Edge. When I run it in IE I notice a red box that pops up, see screenshot.

(screenshot: 2019-12-19_08-41-52)

In the Chrome console we noticed:

```
Failed to load resource: the server responded with a status of 400 ()
Uncaught (in promise) Objectresponse: Response {type: "basic", url: "https://xxxx-xxxx.zzz.www/SONARQUBE/api/measur…ent?componentKey=XXX%3Amaster&metricKeys=report", redirected: false, status: 400, ok: false, …}__proto__: Object
```

In the Edge console we noticed:

```
HTTP400: BAD REQUEST - The request could not be processed by the server due to invalid syntax. (Fetch)GET - https:// xxxx-xxxx.zzz.www/SONARQUBE/api/measures/component?componentKey=XXX%3Amaster&metricKeys=report
```

It appears that it's either not finding the report or something is misconfigured, but we are not sure what we might be missing. This was working in the 8.0 release.

Does anyone have any idea why this could be happening and how to resolve it?

Thanks in advance for any help.

max

(screenshot: 2019-12-19_09-15-07)

(screenshot: 2019-12-19_09-18-36)

shw3-cdc commented 4 years ago

We just upgraded to the same version of SonarQube yesterday and we are having a similar issue. Does anyone out there have any suggestions? thx

Reamer commented 4 years ago

I can reproduce this issue. @MMirabito Thanks for this nice Bug-Report. I think there was an API change with 8.1. It's not documented under https://docs.sonarqube.org/latest/extend/developing-plugin/

Reamer commented 4 years ago

Quick-Fix for you in branch report_view. This small commit is a breaking change, therefore we need a new major release. NOTE: This branch also contains other breaking changes (JSON-Report-Parser), you must change your plugin configuration. Please build this plugin on your own and report if it helps you.

MMirabito commented 4 years ago

Hi Philipp (@Reamer),

Thank you for your quick response and looking into what might have been the problem. Your Quick-Fix on the report_view branch is working - we are back online :-)

I built the plugin locally and deployed the sonar-dependency-check-plugin-1.2.7-SNAPSHOT.jar into our Sonar instance. The CVE HTML report is working again, see screenshot.

I noticed that on existing scans both the HTML and XML CVE files appear after swapping the plugin. However, if I rerun the scan then the XML CVE is not getting processed. To get it to work I modified one of the project's sonar.properties entries to a new value sonar.dependencyCheck.xmlReportPath:

Original: sonar.dependencyCheck.reportPath=./build/dependency-check-report.xml

New: sonar.dependencyCheck.xmlReportPath=./build/dependency-check-report.xml

Is this what you were referring to when you noted:

NOTE: This branch contains also other breaking changes (JSON-Report-Parser), you must change your plugin configuration.

Thanks again, max

(screenshot: 2019-12-20_05-23-34)
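A pre-flight check for the configuration change Max describes above, as an added example that is not part of the plugin or of this thread: it flags the old sonar.dependencyCheck.reportPath key, missing report files and odd severity thresholds before the scanner runs. The key names are the ones quoted in the thread; the checks themselves (file existence, threshold range and order) are my assumptions.

```python
"""Pre-flight check for a sonar.properties used with the Dependency-Check SonarQube plugin.
Added example, not part of the plugin or of this thread; the key names are the ones quoted
above, the validation rules (file existence, threshold range and order) are my assumptions."""
import os

# Rename reported in this thread: the report_view branch reads xmlReportPath, not reportPath
RENAMED_KEYS = {"sonar.dependencyCheck.reportPath": "sonar.dependencyCheck.xmlReportPath"}
REPORT_KEYS = ("sonar.dependencyCheck.xmlReportPath", "sonar.dependencyCheck.htmlReportPath")
SEVERITY_KEYS = tuple("sonar.dependencyCheck.severity." + s for s in ("blocker", "critical", "major", "minor"))


def parse_properties(text):
    """Minimal Java .properties parser: key=value per line, '#' or '!' comments, whitespace trimmed."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def check_config(props, base_dir=None):
    """Return a list of findings; an empty list means the plugin configuration looks usable.
    File existence is only checked when base_dir (the scanner's working directory) is given."""
    findings = []
    for old, new in RENAMED_KEYS.items():
        if old in props and new not in props:
            findings.append(f"{old} is no longer read; rename it to {new}")
    for key in REPORT_KEYS:
        path = props.get(key)
        if path is None:
            findings.append(f"{key} is not set")
        elif base_dir is not None and not os.path.isfile(os.path.join(base_dir, path)):
            findings.append(f"{key} points to a missing file: {path}")
    thresholds = {}
    for key in SEVERITY_KEYS:
        try:
            thresholds[key] = float(props[key])
        except (KeyError, ValueError):
            findings.append(f"{key} is missing or not a number")
    if len(thresholds) == len(SEVERITY_KEYS):
        ordered = [thresholds[k] for k in SEVERITY_KEYS]
        if any(not 0.0 <= t <= 10.0 for t in ordered):
            findings.append("severity thresholds must be CVSS scores in 0.0..10.0")
        if ordered != sorted(ordered, reverse=True):  # blocker >= critical >= major >= minor
            findings.append("severity thresholds must descend from blocker to minor")
    return findings
```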

Reamer commented 4 years ago

Hi @MMirabito, good to hear that my quick fix solved your problem. Unfortunately I'm not a JavaScript developer and I hope that someone could help me to update report.js so that the file supports all SonarQube versions.

Helpful Links from sonarqube:

As a first approach we should evaluate the function window.SonarMeasures instead of window.SonarRequest.