Can't see ZAP report in Sonar about zap-sonar-plugin HOT 12 CLOSED

I don' have a dependency check report, so I think the warning about it does not matter. My issue is with ZAP report.

from zap-sonar-plugin.

Try with an absolute path.

sonar.zaproxy.reportPath=${WORKSPACE}/zaproxy-report.xml

It could be that the relative path isn't working.

from zap-sonar-plugin.

I got the results view like http://localhost:9000/project/issues?id=org.sonarsource.owasp%3Asonar-zap-plugin&resolved=false&tags=zaproxy. But not table of the result data.
How can i make widget like the Screenshot in sonarqube project dashboard?
Is it possible?

from zap-sonar-plugin.

I have the following error from log 09:29:07.363 INFO: Process ZAP report

09:29:07.363 WARN: ZAP report does not exist. SKIPPING. Please check property sonar.zaproxy.reportPath: /Users/maersk_mtc03/jenkins_home/workspace/samplepython/report/JENKINS_ZAP_VULNERABILITY_REPORT.xml

But with me as you can see I gave an absolute path still it cannot be seen. I have double checked path and it exists

from zap-sonar-plugin.

I have a similar problem, but even setting the absolute path, the report is not found:

OWASP ZAP Scan Step:
sh 'docker run --rm -v ${WORKSPACE}/zap/:/zap/wrk/:rw -t owasp/zap2docker-weekly zap-api-scan.py -t ${URL} -n ${JSON_FILE} -a -d -f openapi -x zaproxy-report.zap -r zaproxy-report.html -J zaproxy-report.json -I'

Archive Artifacts steps:
archiveArtifacts '${WORKSPACE}/zaproxy-report.zap' (or .xml)

SONAR SCAN Step:
sh 'docker run -v $(pwd):/usr/src/mymaven -w /usr/src/mymaven maven:3.3-jdk-8 mvn -s /usr/src/mymaven/settings.xml -DskipTests clean -f /usr/src/mymaven/$API-api/pom.xml package sonar:sonar -Dsonar.projectKey="${SONAR_NAME}-DAST" -Dsonar.projectName="${SONAR_NAME}-DAST" -Dsonar.zaproxy.reportPath="${WORKSPACE}/zaproxy-report.zap" -Dsonar.language=ZAP -Dsonar.lang.patterns.zap=**/*.zap -Dsonar.dependencyCheck.skip=true'

I have a first Quality Gate integrated with dependency-check at the same Pipeline, but this second don't find the report.I tried almost all possibilities of folders =/

I also tried with xml format in all steps, so i tried to set a custom extention because i saw it working in another pipeline.

When i check the workspace (or set a sh 'ls -lah') the report is there.

Any idea, plz?

from zap-sonar-plugin.

Fixed in release 2.1.0

from zap-sonar-plugin.

Does this plugin work with sonar version 8.x ?

from zap-sonar-plugin.

Using latest version using 8.6 at https://www.hack23.com/sonar/project/extension/zap/report_page?id=com.hack23.cia%3Acia-all&qualifier=TRK , so works well

from zap-sonar-plugin.

kool. Can you tell me how to push the report to sonar? I have sonar plugin in my build.gradle
plugins {
id 'org.sonarqube' version '2.8'
}
and I'm using following command
./gradlew sonarqube -Dsonar.zaproxy.htmlReportPath=${WORKSPACE}/report.html
but I dont see the report. My plugin version is 2.0.2.

from zap-sonar-plugin.

Using plugin version 2.2.0, but think at least 2.1.0 is required https://github.com/OtherDevOpsGene/zap-sonar-plugin/releases/tag/sonar-zap-plugin-2.1.0 since it's added report back support to 8.x sonarqube.

from zap-sonar-plugin.

That is correct. 2.1.0 added the report capability, and 2.2.0 is current as of yesterday.

from zap-sonar-plugin.

I'm running scan via Bamboo plugin (it runs sonnar scanner) and got this in "sonar-project.properties":

sonar.zaproxy.reportPath=./security_tests/output/security_scan_api.xml
sonar.zaproxy.htmlReportPath=./security_tests/output/security_scan_api.html

but no HTML report in Sonar:

Any ideas how to debug this (Sonar 8.5.1)? I tried absolute paths with no luck.

from zap-sonar-plugin.