Coder Social home page Coder Social logo

Comments (7)

stevespringett avatar stevespringett commented on June 7, 2024

I personally have never used the Sonar Maven plugin or used the Zap Maven plugin, so I cannot provide advice for those. But the reportPath looks correct, so it should be working. I've just tested it again and verified it's working as expected. I tested with SonarQube 5.6 and SonarRunner 2.4.

You should see something like this in the output (Not sure if the Maven plugin does the same thing or not):

SonarQube Runner 2.4
Java 1.8.0_111 Oracle Corporation (64-bit)
Mac OS X 10.12.2 x86_64
SONAR_RUNNER_OPTS=-Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8000
INFO: Error stacktraces are turned on.
INFO: Runner configuration file: /Users/steve/.jenkins/tools/hudson.plugins.sonar.SonarRunnerInstallation/Sonar_Runner/conf/sonar-runner.properties
INFO: Project configuration file: NONE
INFO: Default locale: "en_US", source code encoding: "UTF-8" (analysis is platform dependent)
INFO: Work directory: /Users/steve/.jenkins/jobs/ZAP SonarQube Test/workspace/.sonar
INFO: SonarQube Server 5.6
17:51:18.863 INFO  - Load global repositories
17:51:19.025 INFO  - Load global repositories (done) | time=164ms
17:51:19.054 INFO  - User cache: /Users/steve/.sonar/cache
17:51:19.318 INFO  - Load plugins index
17:51:19.322 INFO  - Load plugins index (done) | time=4ms
17:51:19.337 INFO  - Download sonar-zap-plugin-1.0.0-SNAPSHOT.jar
17:51:19.807 INFO  - Process project properties
17:51:19.915 INFO  - Load project repositories
17:51:20.065 INFO  - Load project repositories (done) | time=150ms
17:51:20.140 INFO  - Load quality profiles
17:51:20.204 INFO  - Load quality profiles (done) | time=64ms
17:51:20.208 INFO  - Load active rules
17:51:20.672 INFO  - Load active rules (done) | time=464ms
17:51:20.719 WARN  - SCM provider autodetection failed. No SCM provider claims to support this project. Please use sonar.scm.provider to define SCM of your project.
17:51:20.719 INFO  - Publish mode
17:51:20.721 INFO  - -------------  Scan ZAP SonarQube Test
17:51:20.829 INFO  - Load server rules
17:51:20.934 INFO  - Load server rules (done) | time=105ms
17:51:20.991 INFO  - Base dir: /Users/steve/.jenkins/jobs/ZAP SonarQube Test/workspace
17:51:20.991 INFO  - Working dir: /Users/steve/.jenkins/jobs/ZAP SonarQube Test/workspace/.sonar
17:51:20.993 INFO  - Source paths: src
17:51:20.993 INFO  - Source encoding: UTF-8, default locale: en_US
17:51:20.993 INFO  - Index files
17:51:21.000 INFO  - 0 files indexed
17:51:21.447 INFO  - JaCoCoSensor: JaCoCo report not found : /Users/steve/.jenkins/jobs/ZAP SonarQube Test/workspace/target/jacoco.exec
17:51:21.448 INFO  - JaCoCoItSensor: JaCoCo IT report not found: /Users/steve/.jenkins/jobs/ZAP SonarQube Test/workspace/target/jacoco-it.exec
17:51:21.475 INFO  - Sensor Lines Sensor
17:51:21.475 INFO  - Sensor Lines Sensor (done) | time=0ms
17:51:21.475 INFO  - Sensor OWASP Zed Attack Proxy
17:51:21.475 INFO  - Process ZAP report
17:51:22.471 INFO  - Process ZAP report (done) | time=996ms
17:51:22.484 INFO  - Sensor OWASP Zed Attack Proxy (done) | time=1009ms
17:51:22.484 INFO  - Sensor SCM Sensor
17:51:22.484 INFO  - No SCM system was detected. You can use the 'sonar.scm.provider' property to explicitly specify it.
17:51:22.484 INFO  - Sensor SCM Sensor (done) | time=0ms
17:51:22.484 INFO  - Sensor Zero Coverage Sensor
17:51:22.484 INFO  - Sensor Zero Coverage Sensor (done) | time=0ms
17:51:22.484 INFO  - Sensor Code Colorizer Sensor
17:51:22.484 INFO  - Sensor Code Colorizer Sensor (done) | time=0ms
17:51:22.484 INFO  - Sensor CPD Block Indexer
17:51:22.484 INFO  - Sensor CPD Block Indexer (done) | time=0ms
17:51:22.485 INFO  - Calculating CPD for 0 files
17:51:22.485 INFO  - CPD calculation finished
17:51:22.543 INFO  - Analysis report generated in 57ms, dir size=99 KB
17:51:22.561 INFO  - Analysis reports compressed in 18ms, zip size=7 KB
17:51:22.610 INFO  - Analysis report uploaded in 49ms
17:51:22.610 INFO  - ANALYSIS SUCCESSFUL, you can browse http://localhost:9000/dashboard/index/org.sonar.plugins:zap-sonar-plugin
17:51:22.610 INFO  - Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
17:51:22.610 INFO  - More about the report processing at http://localhost:9000/api/ce/task?id=AVmFpLrcSsgw1eY-iihN

from zap-sonar-plugin.

FcoSanchezDelRosario avatar FcoSanchezDelRosario commented on June 7, 2024

Hello @stevespringett.
I check the log and I was able to correct the errors. T
hank for the help. I appreciate.

Regard

from zap-sonar-plugin.

diegochavezcarro avatar diegochavezcarro commented on June 7, 2024

Hi! I would like to know if this plugin is working with newer versions of Sonar. There are not widgets anymore, so I thought there were some kind of "More" menu, such as in OWASP Dependency Check.

from zap-sonar-plugin.

stevespringett avatar stevespringett commented on June 7, 2024

@diegochavezcarro yes, widgets were removed with SQ 6.0 and replaced with non-customizable measures displayed in the UI. But they did introduce the concept of a 'page' which we also support.

from zap-sonar-plugin.

diegochavezcarro avatar diegochavezcarro commented on June 7, 2024

@stevespringett Do you mean we have to create a page (https://docs.sonarqube.org/display/DEV/Creating+a+Page) or do you have one example in this project?

from zap-sonar-plugin.

dantemorius avatar dantemorius commented on June 7, 2024

I'm facing a similar problem, but no matter where i put the report, the Sensor ZAP from Sonarqube don't find the report file. I tried to bind to a lot of paths but it simply don't work. If i execute a "ls -lah" during the pipeline execution, the file is there.

I have a stack of Tools like Jenkins (Master/Slaves) and SonarQube running on Docker separate container and made Dependency-Check work, but with sonar-zap-plugin i had no success. Somebody could help me?

from zap-sonar-plugin.

OtherDevOpsGene avatar OtherDevOpsGene commented on June 7, 2024

Fixed in release 2.1.0.

from zap-sonar-plugin.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.