Comments (12)
I don't have a dependency check report, so I think the warning about it does not matter. My issue is with the ZAP report.
from zap-sonar-plugin.
Try with an absolute path.
sonar.zaproxy.reportPath=${WORKSPACE}/zaproxy-report.xml
It could be that the relative path isn't working.
from zap-sonar-plugin.
I got the results view like http://localhost:9000/project/issues?id=org.sonarsource.owasp%3Asonar-zap-plugin&resolved=false&tags=zaproxy, but not a table of the result data.
How can I make a widget like the screenshot in the SonarQube project dashboard?
Is it possible?
from zap-sonar-plugin.
I have the following error from the log:
09:29:07.363 INFO: Process ZAP report
09:29:07.363 WARN: ZAP report does not exist. SKIPPING. Please check property sonar.zaproxy.reportPath: /Users/maersk_mtc03/jenkins_home/workspace/samplepython/report/JENKINS_ZAP_VULNERABILITY_REPORT.xml
As you can see, I gave an absolute path and it still cannot be seen. I have double-checked the path and it exists.
from zap-sonar-plugin.
I have a similar problem, but even setting the absolute path, the report is not found:
OWASP ZAP Scan Step:
sh 'docker run --rm -v ${WORKSPACE}/zap/:/zap/wrk/:rw -t owasp/zap2docker-weekly zap-api-scan.py -t ${URL} -n ${JSON_FILE} -a -d -f openapi -x zaproxy-report.zap -r zaproxy-report.html -J zaproxy-report.json -I'
Archive Artifacts steps:
archiveArtifacts '${WORKSPACE}/zaproxy-report.zap' (or .xml)
SONAR SCAN Step:
sh 'docker run -v $(pwd):/usr/src/mymaven -w /usr/src/mymaven maven:3.3-jdk-8 mvn -s /usr/src/mymaven/settings.xml -DskipTests clean -f /usr/src/mymaven/$API-api/pom.xml package sonar:sonar -Dsonar.projectKey="${SONAR_NAME}-DAST" -Dsonar.projectName="${SONAR_NAME}-DAST" -Dsonar.zaproxy.reportPath="${WORKSPACE}/zaproxy-report.zap" -Dsonar.language=ZAP -Dsonar.lang.patterns.zap=**/*.zap -Dsonar.dependencyCheck.skip=true'
I have a first Quality Gate integrated with dependency-check in the same pipeline, but this second one doesn't find the report. I tried almost all possibilities of folders =/
I also tried with the XML format in all steps, so I tried to set a custom extension because I saw it working in another pipeline.
When I check the workspace (or add a sh 'ls -lah') the report is there.
Any idea, please?
from zap-sonar-plugin.
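How the two `docker run` bind mounts quoted in the comment above change the path at which the ZAP report is visible, as an added example that is not part of the thread or of the plugin. It assumes `$(pwd)` equals `${WORKSPACE}` in the Sonar step; the function names and the sample workspace path are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not from the thread: a bind mount "-v SRC:DST" rewrites the
# path prefix, so a host path is only valid inside a container after remapping.

# remap_path PATH FROM TO
# Prints PATH with the prefix FROM replaced by TO; returns 1 if PATH is not
# under FROM (that file is not reachable through this mount).
remap_path() {
    local path="${1%/}" from="${2%/}" to="${3%/}"
    case "$path" in
        "$from")   printf '%s\n' "$to" ;;
        "$from"/*) printf '%s\n' "$to/${path#"$from"/}" ;;
        *)         return 1 ;;
    esac
}

# zap_report_in_maven WORKSPACE REPORT_NAME
# ZAP step mounts WORKSPACE/zap at /zap/wrk and writes REPORT_NAME there.
# Sonar step mounts $(pwd) at /usr/src/mymaven; assumption: $(pwd) is WORKSPACE.
zap_report_in_maven() {
    local ws="${1%/}" name="$2" host
    host=$(remap_path "/zap/wrk/$name" /zap/wrk "$ws/zap") || return 1
    remap_path "$host" "$ws" /usr/src/mymaven
}

# Constructed sample workspace, standing in for Jenkins' ${WORKSPACE}.
sample_ws=/var/jenkins_home/workspace/demo
echo "report as the Maven container sees it:"
zap_report_in_maven "$sample_ws" zaproxy-report.zap
echo "configured value mapped through the same mount:"
remap_path "$sample_ws/zaproxy-report.zap" "$sample_ws" /usr/src/mymaven
```

The two printed paths differ: the report sits in the `zap/` subdirectory of the mount, while the configured value points at the workspace root, and the host-side `${WORKSPACE}` prefix does not exist inside the Maven container at all.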
Fixed in release 2.1.0
from zap-sonar-plugin.
Does this plugin work with Sonar version 8.x?
from zap-sonar-plugin.
Using latest version using 8.6 at https://www.hack23.com/sonar/project/extension/zap/report_page?id=com.hack23.cia%3Acia-all&qualifier=TRK , so works well
from zap-sonar-plugin.
kool. Can you tell me how to push the report to sonar? I have sonar plugin in my build.gradle
plugins {
id 'org.sonarqube' version '2.8'
}
and I'm using following command
./gradlew sonarqube -Dsonar.zaproxy.htmlReportPath=${WORKSPACE}/report.html
but I don't see the report. My plugin version is 2.0.2.
from zap-sonar-plugin.
Using plugin version 2.2.0, but I think at least 2.1.0 is required (https://github.com/OtherDevOpsGene/zap-sonar-plugin/releases/tag/sonar-zap-plugin-2.1.0) since it added back report support for 8.x SonarQube.
from zap-sonar-plugin.
That is correct. 2.1.0 added the report capability, and 2.2.0 is current as of yesterday.
from zap-sonar-plugin.
I'm running the scan via the Bamboo plugin (it runs sonar scanner) and have this in "sonar-project.properties":
sonar.zaproxy.reportPath=./security_tests/output/security_scan_api.xml
sonar.zaproxy.htmlReportPath=./security_tests/output/security_scan_api.html
but no HTML report in Sonar:
Any ideas how to debug this (Sonar 8.5.1)? I tried absolute paths with no luck.
from zap-sonar-plugin.