堆栈内存溢出
  简体   繁体   English

Jenkins,Gardle:如何将依赖关系报告发布到声纳仪表板

[英]Jenkins, Gardle : How to publish Dependency report to Sonar Dashboard

 原文  2020-12-18 14:02:04       jenkins/ gradle/ sonarqube/ maven-dependency-check-plugin

问题描述

Currently we're using Jenkins free style job for Gradle project and using following commands to run Sonar and Dependencycheck目前我们正在为Gradle 项目使用 Jenkins 自由样式作业,并使用以下命令运行 Sonar 和 Dependencycheck

./gradlew clean build sonarqube dependencyCheckAnalyze \

and I'm getting following message我收到以下消息

Analyzing /opt/jenkins_slave_home/workspace/AA/package-lock.json - however, the node_modules directory does not exist.分析/opt/jenkins_slave_home/workspace/AA/package-lock.json - 但是, node_modules 目录不存在。 Please run npm install prior to running dependency-check Generating report for project AA_ArbitraryBuild Found 0 vulnerabilities in project AA请在运行依赖检查之前运行npm install为项目 AA_ArbitraryBuild 生成报告 在项目 AA 中发现 0 个漏洞

and we can able to see a file inside "ws/build/reports/" but it dint scanned anything.我们可以在“ws/build/reports/”中看到一个文件,但它扫描了任何东西。

Following are the "build.gardle" file以下是“build.gardle”文件

buildscript {
    repositories {
        maven { url artifactoryRepoUrl }
        mavenCentral()
    }
    dependencies {
        classpath 'org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:2.7'
        classpath 'org.owasp:dependency-check-gradle:6.0.3'
    }
}

apply plugin: 'org.sonarqube'
apply plugin: 'org.owasp.dependencycheck'

sonarqube {
    properties {
        property 'sonar.projectName', sonarProjectName
        property 'sonar.projectKey', sonarProjectKey
        property 'sonar.host.url', sonarHostUrl
        property 'sonar.login', sonarAuthToken
        property 'sonar.dependencyCheck.reportPath', sonarDependencyCheckReport
        property 'sonar.dependencyCheck.htmlReportPath', sonarDependencyCheckHTMLReport
    }
}

Can you plz help on what are the additional steps that I need to add.你能帮忙看看我需要添加哪些额外的步骤吗?

1 个解决方案

解决方案1
 0  2021-04-20 13:11:46

You've got all you need to push result to sonar.您拥有将结果推送到声纳所需的一切。 Make sure that you provide right path for your owasp vulnerabilities report for sonar plugin.确保为声纳插件的 owasp 漏洞报告提供正确的路径。 It's sonar.dependencyCheck.reportPath and should point to build/reports directroy, and if you produce html report file you can point it with sonar.dependencyCheck.htmlReportPath .它是sonar.dependencyCheck.reportPath并且应该指向build/reports目录,如果您生成 html 报告文件,您可以使用sonar.dependencyCheck.htmlReportPath指向它。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在 jenkins 服务器中发布声纳结果,或者我们是否有声纳报告 jenkins 插件 - how to publish sonar result in jenkins server, or do we have sonar-report jenkins plugin Jmeter 仪表板为空 Jenkins HTML 报告发布 - Jmeter Dashboard empty on Jenkins HTML report publish 如何使用Jenkins从声纳运行器调用不同的声纳仪表板? - how to call different sonar dashboard from sonar runner using Jenkins? 如何在Jenkins上向用户发布Environment Dashboard - How to publish Environment Dashboard on Jenkins to Users 如何在Jenkins中发布Gradle项目的Codenarc报告? - How to publish Codenarc report for Gradle project in Jenkins? 如何在詹金斯发布测试结果报告? - how to publish test result report in jenkins? 如何通过 Jenkins 的电子邮件发送声纳分析报告? - How to send Sonar Analysis report in email from Jenkins? 如何使用 Jenkins 声明式管道状态在 Jenkins 中发布 Jacoco 报告 - How to Publish Jacoco Report in Jenkins Using Jenkins Declarative Pipeline Statage Jenkins 管道发布 html 报告 - Jenkins Pipeline publish html report 我如何在 jenkins 中发布 sonarqube 报告? 使用 sonarqube portlet - how could i publish sonarqube report in jenkins? using the sonarqube portlet
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM