Comments (7)
I personally have never used the Sonar Maven plugin or used the Zap Maven plugin, so I cannot provide advice for those. But the reportPath looks correct, so it should be working. I've just tested it again and verified it's working as expected. I tested with SonarQube 5.6 and SonarRunner 2.4.
You should see something like this in the output (Not sure if the Maven plugin does the same thing or not):
SonarQube Runner 2.4
Java 1.8.0_111 Oracle Corporation (64-bit)
Mac OS X 10.12.2 x86_64
SONAR_RUNNER_OPTS=-Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8000
INFO: Error stacktraces are turned on.
INFO: Runner configuration file: /Users/steve/.jenkins/tools/hudson.plugins.sonar.SonarRunnerInstallation/Sonar_Runner/conf/sonar-runner.properties
INFO: Project configuration file: NONE
INFO: Default locale: "en_US", source code encoding: "UTF-8" (analysis is platform dependent)
INFO: Work directory: /Users/steve/.jenkins/jobs/ZAP SonarQube Test/workspace/.sonar
INFO: SonarQube Server 5.6
17:51:18.863 INFO - Load global repositories
17:51:19.025 INFO - Load global repositories (done) | time=164ms
17:51:19.054 INFO - User cache: /Users/steve/.sonar/cache
17:51:19.318 INFO - Load plugins index
17:51:19.322 INFO - Load plugins index (done) | time=4ms
17:51:19.337 INFO - Download sonar-zap-plugin-1.0.0-SNAPSHOT.jar
17:51:19.807 INFO - Process project properties
17:51:19.915 INFO - Load project repositories
17:51:20.065 INFO - Load project repositories (done) | time=150ms
17:51:20.140 INFO - Load quality profiles
17:51:20.204 INFO - Load quality profiles (done) | time=64ms
17:51:20.208 INFO - Load active rules
17:51:20.672 INFO - Load active rules (done) | time=464ms
17:51:20.719 WARN - SCM provider autodetection failed. No SCM provider claims to support this project. Please use sonar.scm.provider to define SCM of your project.
17:51:20.719 INFO - Publish mode
17:51:20.721 INFO - ------------- Scan ZAP SonarQube Test
17:51:20.829 INFO - Load server rules
17:51:20.934 INFO - Load server rules (done) | time=105ms
17:51:20.991 INFO - Base dir: /Users/steve/.jenkins/jobs/ZAP SonarQube Test/workspace
17:51:20.991 INFO - Working dir: /Users/steve/.jenkins/jobs/ZAP SonarQube Test/workspace/.sonar
17:51:20.993 INFO - Source paths: src
17:51:20.993 INFO - Source encoding: UTF-8, default locale: en_US
17:51:20.993 INFO - Index files
17:51:21.000 INFO - 0 files indexed
17:51:21.447 INFO - JaCoCoSensor: JaCoCo report not found : /Users/steve/.jenkins/jobs/ZAP SonarQube Test/workspace/target/jacoco.exec
17:51:21.448 INFO - JaCoCoItSensor: JaCoCo IT report not found: /Users/steve/.jenkins/jobs/ZAP SonarQube Test/workspace/target/jacoco-it.exec
17:51:21.475 INFO - Sensor Lines Sensor
17:51:21.475 INFO - Sensor Lines Sensor (done) | time=0ms
17:51:21.475 INFO - Sensor OWASP Zed Attack Proxy
17:51:21.475 INFO - Process ZAP report
17:51:22.471 INFO - Process ZAP report (done) | time=996ms
17:51:22.484 INFO - Sensor OWASP Zed Attack Proxy (done) | time=1009ms
17:51:22.484 INFO - Sensor SCM Sensor
17:51:22.484 INFO - No SCM system was detected. You can use the 'sonar.scm.provider' property to explicitly specify it.
17:51:22.484 INFO - Sensor SCM Sensor (done) | time=0ms
17:51:22.484 INFO - Sensor Zero Coverage Sensor
17:51:22.484 INFO - Sensor Zero Coverage Sensor (done) | time=0ms
17:51:22.484 INFO - Sensor Code Colorizer Sensor
17:51:22.484 INFO - Sensor Code Colorizer Sensor (done) | time=0ms
17:51:22.484 INFO - Sensor CPD Block Indexer
17:51:22.484 INFO - Sensor CPD Block Indexer (done) | time=0ms
17:51:22.485 INFO - Calculating CPD for 0 files
17:51:22.485 INFO - CPD calculation finished
17:51:22.543 INFO - Analysis report generated in 57ms, dir size=99 KB
17:51:22.561 INFO - Analysis reports compressed in 18ms, zip size=7 KB
17:51:22.610 INFO - Analysis report uploaded in 49ms
17:51:22.610 INFO - ANALYSIS SUCCESSFUL, you can browse http://localhost:9000/dashboard/index/org.sonar.plugins:zap-sonar-plugin
17:51:22.610 INFO - Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
17:51:22.610 INFO - More about the report processing at http://localhost:9000/api/ce/task?id=AVmFpLrcSsgw1eY-iihN
from zap-sonar-plugin.
Hello @stevespringett.
I check the log and I was able to correct the errors. T
hank for the help. I appreciate.
Regard
from zap-sonar-plugin.
Hi! I would like to know if this plugin is working with newer versions of Sonar. There are not widgets anymore, so I thought there were some kind of "More" menu, such as in OWASP Dependency Check.
from zap-sonar-plugin.
@diegochavezcarro yes, widgets were removed with SQ 6.0 and replaced with non-customizable measures displayed in the UI. But they did introduce the concept of a 'page' which we also support.
from zap-sonar-plugin.
@stevespringett Do you mean we have to create a page (https://docs.sonarqube.org/display/DEV/Creating+a+Page) or do you have one example in this project?
from zap-sonar-plugin.
I'm facing a similar problem, but no matter where i put the report, the Sensor ZAP from Sonarqube don't find the report file. I tried to bind to a lot of paths but it simply don't work. If i execute a "ls -lah" during the pipeline execution, the file is there.
I have a stack of Tools like Jenkins (Master/Slaves) and SonarQube running on Docker separate container and made Dependency-Check work, but with sonar-zap-plugin i had no success. Somebody could help me?
from zap-sonar-plugin.
Fixed in release 2.1.0.
from zap-sonar-plugin.
Related Issues (20)
- Zap plugin not working with Java 11 and SonarCube 8.3 HOT 3
- Problem with newer SonarQube versions HOT 1
- Use JUnit 5
- Update zap rules HOT 5
- [DepShield] (CVSS 5.3) Vulnerability due to usage of kind-of:3.2.2
- [DepShield] (CVSS 7.5) Vulnerability due to usage of debug:2.6.9
- [DepShield] (CVSS 7.5) Vulnerability due to usage of express:4.17.1
- [DepShield] (CVSS 5.3) Vulnerability due to usage of kind-of:5.1.0
- [DepShield] (CVSS 7.5) Vulnerability due to usage of http-proxy:1.18.1
- [DepShield] (CVSS 5.3) Vulnerability due to usage of kind-of:4.0.0
- Java error when adding report HTML Azure Devops CI HOT 2
- the plugin doesn't support multibranch HOT 2
- DepShield encountered errors while building your project
- [DepShield] (CVSS 7.2) Vulnerability due to usage of lodash:4.17.20
- HTML report does not show on SonarQube HOT 3
- Upload multiple ZAP Reports HOT 1
- No HTML-Report found. Please check property sonar.zaproxy.htmlReportPath HOT 3
- DepShield Deprecation Notice
- Error during SonarQube Scanner execution
- zap-sonar-plugin
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from zap-sonar-plugin.