Open platformbeheer-otv opened 11 months ago
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days.
The following change may help you: https://github.com/dependency-check/dependency-check-sonar-plugin/pull/765 However, the PR requires a rebase and must of course be transferred into your own copy of the source code. You will then have to build and install the plugin manually yourself.
I'm experiencing the same problem also with sonar-dependency-check-plugin-5.0.0 on SonarQube Community Edition 10.3 (build 82913). The report opens in a new tab, but the buttons still don't work, as SonarQube is serving a response header with CSP script-src 'self', so inline scripts are blocked. I tried that with Firefox, Chrome and Opera. They all block it (the message can be seen in the developer console).
Same for us, issue persists in new tab.
There is not much I can do here, the whole display of the HTML report is very hacky.
See the 10.0 release notes about the changes to security: https://docs.sonarsource.com/sonarqube/latest/setup-and-upgrade/release-upgrade-notes/#release-10.0-upgrade-notes
And this page with help regarding pages: https://docs.sonarsource.com/sonarqube/latest/extension-guide/developing-a-plugin/adding-pages-to-the-webapp/
It might help you?
Unfortunately not, because the complete HTML file with inline script comes from dependency-check.
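The thread comes down to one mechanism: SonarQube sends `Content-Security-Policy: script-src 'self'`, and the dependency-check report is a single HTML file whose interactivity lives in inline `<script>` blocks and inline event handlers, neither of which `'self'` permits. The script below is an added example, not code from the plugin or from dependency-check; it parses a constructed stand-in report (the real report markup is not reproduced here), lists what the CSP would block, and computes the CSP hash-sources (`'sha256-...'`) that a `script-src` directive would need to allow exactly those inline scripts. The `SAMPLE_REPORT` string and all function names are this example's own.

```python
"""Find what a script-src 'self' CSP blocks in an HTML report and compute
the hash-sources that would allowlist the report's own inline scripts."""
import base64
import hashlib
import re
from typing import List

# Constructed stand-in for a dependency-check style report: one inline
# <script> block and one inline onclick= handler. Not the real report.
SAMPLE_REPORT = """<!DOCTYPE html>
<html><head><title>Dependency-Check Report</title>
<script>
function toggle(id) {
  var e = document.getElementById(id);
  e.style.display = (e.style.display === 'none') ? 'block' : 'none';
}
</script>
</head>
<body>
<button onclick="toggle('details')">Show details</button>
<div id="details" style="display:none">...</div>
</body></html>
"""

_SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.IGNORECASE | re.DOTALL)
_HANDLER_RE = re.compile(r"\son[a-z]+\s*=\s*(\"[^\"]*\"|'[^']*')", re.IGNORECASE)


def csp_hash(source: str, algo: str = "sha256") -> str:
    """Return the CSP hash-source for one inline script body.

    The hash covers the exact text between <script> and </script> with no
    trimming, so any whitespace change to the report invalidates it.
    """
    digest = hashlib.new(algo, source.encode("utf-8")).digest()
    return f"'{algo}-{base64.b64encode(digest).decode('ascii')}'"


def inline_scripts(html: str) -> List[str]:
    """Bodies of <script> elements that have no src= (external scripts
    are already covered by 'self' and are not hashed)."""
    bodies = []
    for m in _SCRIPT_RE.finditer(html):
        opening_tag = m.group(0).split(">", 1)[0].lower()
        if "src=" not in opening_tag:
            bodies.append(m.group(1))
    return bodies


def inline_handlers(html: str) -> List[str]:
    """Values of inline event-handler attributes such as onclick=."""
    return [m.group(1).strip("\"'") for m in _HANDLER_RE.finditer(html)]


def allows_inline(script_src_value: str) -> bool:
    """True if a script-src value lets any inline <script> run.

    A bare 'self' (what the thread reports SonarQube sending) returns False.
    Browsers ignore 'unsafe-inline' once a nonce or hash is present, so
    with hashes only the matching scripts run.
    """
    tokens = script_src_value.split()
    if any(t.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for t in tokens):
        return True
    return "'unsafe-inline'" in tokens


def build_script_src(html: str) -> str:
    """Build a script-src directive keeping 'self' and allowlisting only
    this report's inline code by hash.

    Hash-sources do not apply to onclick= attributes unless the directive
    also carries 'unsafe-hashes' (CSP3); each handler value is then hashed
    like a script body.
    """
    sources = ["'self'"] + [csp_hash(s) for s in inline_scripts(html)]
    handlers = inline_handlers(html)
    if handlers:
        sources.append("'unsafe-hashes'")
        sources.extend(csp_hash(h) for h in handlers)
    return "script-src " + " ".join(sources)


if __name__ == "__main__":
    print("blocked by script-src 'self':", not allows_inline("'self'"))
    print("inline script blocks:", len(inline_scripts(SAMPLE_REPORT)))
    print("inline handlers:", inline_handlers(SAMPLE_REPORT))
    print(build_script_src(SAMPLE_REPORT))
```

The computed directive is only useful to whatever actually emits the response header; as the thread says, the header here comes from SonarQube, not from the plugin, so the plugin cannot simply add these hashes. The alternative that needs no header change is to rewrite the report so that its scripts are external files and its onclick= handlers are registered from script, which is exactly what the comments say is impractical because the HTML is generated by dependency-check.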
Describe the bug
We are currently using SonarQube Enterprise Edition Version 10.3. We are encountering an issue when integrating Dependency-Check reports using the dependency-check SonarQube plugin v4.0.0. The report HTML file, which utilizes inline scripting, is blocked by CSP when we attempt to click on links and buttons to view dynamic content generated by scripting. The content of the overview is already present, but it cannot load or activate the appropriate elements dynamically due to the CSP (content security policy) in SonarQube 10.3.
Current behavior
The integrated HTML overview of the dependencies is shown on the SonarQube dashboard, but it is not possible to click on any links or buttons.
Expected behavior
The integrated HTML overview of the dependencies must be shown on the SonarQube dashboard, and it must be possible to click on any links and buttons in this overview.