Open Katheeja-Yasmin opened 3 months ago
This plugin does not generate the reports; these must first be created with dependency-check. Are the reports available under the paths?
Hi Reamer, I was able to resolve this issue for my Java Maven project. The new issue here is that I am not able to run dependency check for JavaScript/Node.js, or I am not sure whether there is any config missing from my side. So here are the details. I have a JavaScript project which uses a Jenkins Groovy script for CI. I have a SonarQube configuration with a sonar-project.properties file which tells Sonar to pick up the dependency check reports from the paths below.
```
sonar.dependencyCheck.htmlReportPath=target/dependency-check-report.html
sonar.dependencyCheck.jsonReportPath=target/dependency-check-report.json
sonar.dependencyCheck.reportPath=target/dependency-check-report.xml
sonar.dependencyCheck.summarize=true
```
I added the commands below to my Jenkins build stage.
```
npm install
npm install -D owasp-dependency-check
npm run build
```
and added the line below to my package.json file under scripts.
```
"scripts": {
  "start": "react-scripts start",
  "build": "CI=false PUBLIC_URL=/ react-app-rewired build",
  "test": "react-scripts test",
  "test:dependency": "owasp-dependency-check --project \"project-name\" --scan \"package-lock.json\" --exclude \"dependency-check-bin\" --out \"target\" --format HTML",
  "eject": "react-scripts eject"
}
```
But I am not able to generate the report and could see the info below in my Jenkins logs.
```
INFO: Sensor Dependency-Check [dependencycheck]
INFO: Dependency-Check - Start
INFO: Using JSON-Reportparser
INFO: Dependency-Check JSON report does not exists. Please check property sonar.dependencyCheck.jsonReportPath:/var/lib/jenkins/workspace/project_name/target/dependency-check-report.json
INFO: JSON-Analysis skipped/aborted due to missing report file
INFO: Dependency-Check HTML report does not exists. Please check property sonar.dependencyCheck.htmlReportPath:/var/lib/jenkins/workspace/project_name/target/dependency-check-report.html
INFO: HTML-Dependency-Check report does not exist.
INFO: Dependency-Check - End
```
I am new to configuring dependency check for JavaScript. Please help me to generate the report. Thanks
The dependency check report is not created by this plugin, please do this in a separate step. This plugin only reads the report when the SonarQube scanner is running.
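The sensor output quoted in this thread only reports the missing files at INFO level, so a pipeline can check for them itself between the dependency-check step and sonar-scanner. The script below is an added example, not part of the thread or of the plugin; the function names are hypothetical, and treating every configured report path as required is an assumption.

```shell
#!/bin/sh
# Pre-flight check: are the reports named in sonar-project.properties present?
# Usage (hypothetical): sh check-dc-reports.sh sonar-project.properties "$WORKSPACE"

# Print the value of one key from a .properties file (last definition wins).
prop_value() {
    # $1 = properties file, $2 = key
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    sed -n "s/^[[:space:]]*${key_re}[[:space:]]*[=:][[:space:]]*//p" "$1" \
        | tail -n 1 | tr -d '\r' | sed 's/[[:space:]]*$//'
}

# Echo the keys whose report file is missing or empty; return 1 if there are any.
missing_dc_reports() {
    # $1 = properties file, $2 = directory the scanner runs in
    props=$1; base=$2; missing=""
    for key in sonar.dependencyCheck.jsonReportPath \
               sonar.dependencyCheck.htmlReportPath \
               sonar.dependencyCheck.reportPath; do
        path=$(prop_value "$props" "$key")
        [ -n "$path" ] || continue            # property not configured
        case $path in
            /*) ;;                            # absolute path, use as is
            *)  path=$base/$path ;;           # relative to the scanner base dir
        esac
        [ -s "$path" ] || missing="$missing $key"
    done
    missing=${missing# }
    [ -z "$missing" ] && return 0
    echo "$missing"
    return 1
}

# Run as a script: a non-zero exit stops the stage before sonar-scanner starts.
if [ "$#" -eq 2 ]; then
    missing_dc_reports "$1" "$2"
fi
```

With the properties file shown above and a report step that writes only HTML, the check names the JSON and XML properties as missing.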
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days.
I am not able to see any results when I run SonarScanner for my Java Maven project. Dependency check is showing no results. I have configured the dependency check plugin for my SonarQube and included the properties below in my sonar-project.properties file.
```
sonar.dependencyCheck.htmlReportPath=target/dependency-check-report.html
sonar.dependencyCheck.jsonReportPath=target/dependency-check-report.json
sonar.dependencyCheck.reportPath=target/dependency-check-report.xml
```
Here is my jenkins log related to dependency check:
```
09:43:46.560 INFO: Sensor Dependency-Check [dependencycheck]
09:43:46.561 INFO: Dependency-Check - Start
09:43:46.562 INFO: Using JSON-Reportparser
09:43:46.563 INFO: Dependency-Check JSON report does not exists. Please check property sonar.dependencyCheck.jsonReportPath:/var/lib/jenkins/workspace/dummy-test/target/dependency-check-report.json
09:43:46.563 INFO: JSON-Analysis skipped/aborted due to missing report file
09:43:46.566 DEBUG: JSON-Dependency-Check report does not exist.
java.io.FileNotFoundException: JSON-Dependency-Check report does not exist.
    at org.sonar.dependencycheck.report.JsonReportFile.getJsonReport(JsonReportFile.java:37)
    at org.sonar.dependencycheck.DependencyCheckSensor.parseAnalysis(DependencyCheckSensor.java:66)
    at org.sonar.dependencycheck.DependencyCheckSensor.execute(DependencyCheckSensor.java:129)
    at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:64)
    at org.sonar.scanner.sensor.ProjectSensorsExecutor.execute(ProjectSensorsExecutor.java:52)
    at org.sonar.scanner.scan.SpringProjectScanContainer.doAfterStart(SpringProjectScanContainer.java:169)
    at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:223)
    at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:202)
    at org.sonar.scanner.bootstrap.SpringScannerContainer.doAfterStart(SpringScannerContainer.java:351)
    at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:223)
    at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:202)
    at org.sonar.scanner.bootstrap.SpringGlobalContainer.doAfterStart(SpringGlobalContainer.java:138)
    at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:223)
    at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:202)
    at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:71)
    at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:65)
    at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.base/java.lang.reflect.Method.invoke(Unknown Source)
    at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
    at jdk.proxy1/jdk.proxy1.$Proxy0.execute(Unknown Source)
    at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
    at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
    at org.sonarsource.scanner.cli.Main.execute(Main.java:126)
    at org.sonarsource.scanner.cli.Main.execute(Main.java:81)
    at org.sonarsource.scanner.cli.Main.main(Main.java:62)
09:43:46.566 INFO: Dependency-Check HTML report does not exists. Please check property sonar.dependencyCheck.htmlReportPath:/var/lib/jenkins/workspace/dummy-test/target/dependency-check-report.html
09:43:46.566 INFO: HTML-Dependency-Check report does not exist.
09:43:46.567 DEBUG: HTML-Dependency-Check report does not exist.
java.io.FileNotFoundException: HTML-Dependency-Check report does not exist.
    at org.sonar.dependencycheck.report.HtmlReportFile.getHtmlReport(HtmlReportFile.java:37)
    at org.sonar.dependencycheck.DependencyCheckSensor.uploadHTMLReport(DependencyCheckSensor.java:82)
    at org.sonar.dependencycheck.DependencyCheckSensor.execute(DependencyCheckSensor.java:137)
    at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:64)
    at org.sonar.scanner.sensor.ProjectSensorsExecutor.execute(ProjectSensorsExecutor.java:52)
    at org.sonar.scanner.scan.SpringProjectScanContainer.doAfterStart(SpringProjectScanContainer.java:169)
    at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:223)
    at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:202)
    at org.sonar.scanner.bootstrap.SpringScannerContainer.doAfterStart(SpringScannerContainer.java:351)
    at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:223)
    at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:202)
    at org.sonar.scanner.bootstrap.SpringGlobalContainer.doAfterStart(SpringGlobalContainer.java:138)
    at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:223)
    at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:202)
    at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:71)
    at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:65)
    at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.base/java.lang.reflect.Method.invoke(Unknown Source)
    at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
    at jdk.proxy1/jdk.proxy1.$Proxy0.execute(Unknown Source)
    at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
    at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
    at org.sonarsource.scanner.cli.Main.execute(Main.java:126)
    at org.sonarsource.scanner.cli.Main.execute(Main.java:81)
    at org.sonarsource.scanner.cli.Main.main(Main.java:62)
09:43:46.567 INFO: Dependency-Check - End
```
Here are my version details:
SonarQube - 10.4
Sonar dependency check plugin - 5.0.0
SonarScanner - 5.0.1
Kindly help me to resolve this issue.