porscheinformatik / sonarqube-licensecheck

SonarQube Licensecheck Plugin
Apache License 2.0
159 stars 58 forks source link

No Results in License check page for Java Maven project. #408

Closed Katheeja-Yasmin closed 9 months ago

Katheeja-Yasmin commented 10 months ago

I am scanning a java maven project using sonarscanner with below mentioned steps for license check.Still am getting no results in license check page.

403408281_896777228506557_5747681017080869284_n

Versions: Sonarqube Enterprise edition - 9.9.2 License check plugin - 5.1.1

Configurations that have been done: 1) Installed Sonarqube license check plugin from market place 2)Restarted the server 3)Enabled toggles on Activate license check and Npm transitive dependencies 4)Enable licenses globally that is allowed to use 5)Created a quality profile by activating license check rules for java and attached it to the project.

@Janpopan @derkoe @Scuilion @thred @Bananeweizen If anybody have lead on this please help me to resolve this issue asap. Thank you.

Janpopan commented 10 months ago

@Katheeja-Yasmin can you provide some more information or the sonarqube client log?

Katheeja-Yasmin commented 10 months ago

@Katheeja-Yasmin can you provide some more information or the sonarqube client log?

@Janpopan Below is my sonar logs related to license-check plugin 2023.11.08 10:47:15 INFO web[][o.s.c.e.CoreExtensionsLoader] Loaded core extensions: enterprise-edition, ce-workers, developer-scanner, developer-server, governance, license, securityreport, monitoring, scim

2023.11.08 10:48:05 INFO ce[][o.s.c.e.CoreExtensionsLoader] Loaded core extensions: enterprise-edition, ce-workers, developer-scanner, developer-server, governance, license, securityreport, monitoring, scim

2023.12.08 07:15:24 INFO web[][o.s.c.e.CoreExtensionsLoader] Loaded core extensions: enterprise-edition, ce-workers, developer-scanner, developer-server, governance, license, securityreport, monitoring, scim

2023.12.08 07:15:46 INFO web[][a.p.s.l.l.LicenseMappingSettingsService] Migrating old settings to new format for Maven license mappings

2023.12.08 07:16:24 INFO ce[][o.s.c.e.CoreExtensionsLoader] Loaded core extensions: enterprise-edition, ce-workers, developer-scanner, developer-server, governance, license, securityreport, monitoring, scim

There is no errors or warning in my logs. My pipeline is running in github actions and sonar scanner is running on a separate docker container.Below is the command which am using for scanning.

if [ -n "$VERSION" ]; then sonar-scanner -Dsonar.projectBaseDir=${INPUT_PROJECTBASEDIR} ${INPUT_ARGS} -Dsonar.projectVersion=${VERSION} else sonar-scanner -Dsonar.projectBaseDir=${INPUT_PROJECTBASEDIR} ${INPUT_ARGS} fi

@derkoe I have referred to the response you gave for the same issue https://github.com/porscheinformatik/sonarqube-licensecheck/issues/288#issuecomment-962685504. I am not able to mention the maven_home path in sonar-scanner command since sonarqube is running as a seperate container.Please assist me if you have any clue on this.

Janpopan commented 10 months ago

@Katheeja-Yasmin you provided the server log, can you provide the client log?

missedone commented 9 months ago

@Janpopan , i have the same issue with Jenkins CI.

pipeline snippet:

stage('Build') {
  steps {
      withMaven(
          options: [jacocoPublisher(disabled: false), junitPublisher(disabled: false), artifactsPublisher(disabled: true)],
          mavenSettingsConfig: 'my-nexus-settings'
          ) {
              script {
                  withSonarQubeEnv('my-sonarqube') {
                      sh './mvnw -e install sonar:sonar docker:build docker:push'
                  }
              }
      }
  }
}

and per the client log in Jenkins build, seems like the plugin got the wrong maven user setting path, but i have no idea how to set it:

image

Versions: Sonar: 10.1.0 Maven 3.9.6

missedone commented 9 months ago

I tried with the latest Jenkins Sonar plugin 2.17, got the same issue above

derkoe commented 9 months ago

@missedone your issue i a totally different one. You seem to have set the user settings to an invalid value including quotes ".

I can reproduce this with the following command line:

mvn --settings '"/home/user/bla.xml"' sonar:sonar 

Then I get the same error:

WARNING] Could not get dependency list via maven
[WARNING] Error executing Maven.
The specified user settings file does not exist: /home/user/git/github.com/porscheinformatik/sonarqube-licensecheck/"/home/user/bla.xml"

I guess you can fix this by removing the quotes.

derkoe commented 9 months ago

@Katheeja-Yasmin just checked the Maven using the sonar-scanner CLI - you will have to set the env variable M2_HOME to a valid Maven installation - then the analysis will work.

missedone commented 9 months ago

@derkoe thanks for checking.

i didn't set the user settings if you check the snippet of my pipeline. it looks to me withMaven closure works well, not sure if withSonarQubeEnv caused the issue.

let me run the sonar:sonar goal on my local to narrow down the issue

 withMaven(
          options: [jacocoPublisher(disabled: false), junitPublisher(disabled: false), artifactsPublisher(disabled: true)],
          mavenSettingsConfig: 'my-nexus-settings'
          ) {
              script {
                  withSonarQubeEnv('my-sonarqube') {
                      sh './mvnw -e install sonar:sonar docker:build docker:push'
                  }
              }
      }