OWASP SonarQube Project
How to use:
- docker pull owasp/sonarqube
- docker run -d -p 9000:9000 -p 9092:9092 owasp/sonarqube
Navigate to (on the same machine):
License: GNU Lesser General Public License v3.0
Hello,
Sonarqube keeps crashing if running from docker-compose.
Example:
version: '2'
services:
  sonarqube:
    image: owasp/sonarqube
    ports:
      - "9000:9000"
      - "9092:9092"
networks:
  jenkins:
Steps
docker run -d -p 9000:9000 -p 9092:9092 -e SQ_GITLAB_VERSION='4.0.0' --name basim owasp/sonarqube
Actual results
observed in the logs
2018.11.07 12:37:15 INFO web[][o.s.s.p.ServerPluginRepository] Deploy plugin GitLab / 3.0.2 / d04a1b6f22629bab354ac29599b3b78a190a9311
also observed in the marketplace installed plugins still has 3.0.2
Expected Results
Gitlab version 4.0.0 plugin to be installed
Hi,
I ran the OWASP SonarQube Docker and I wanted to try it with just a simple Maven project from Spring Initializr.
But when I compile my Maven project:
mvn sonar:sonar \
  -Dsonar.host.url=http://localhost:9000 \
  -Dsonar.login=somelogin
I get this error:
[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.5.0.1254:sonar (default-cli) on project demo: Unable to load component class org.sonar.scanner.scan.ProjectLock.
However when I try with the official SonarQube Docker it works.
Thank you,
Kevin
A range of SonarQube plugins that cover different aspects of https://www.owasp.org/index.php/Component_Analysis
- License: https://github.com/porscheinformatik/sonarqube-licensecheck
- Known Vulnerabilities: https://github.com/SonarSecurityCommunity/dependency-check-sonar-plugin (already included)
- Outdated Components: https://github.com/reallyinsane/mathan-dependency-updates-sonar-plugin
- https://bitbucket.org/excentia/sonarqube-tattletale-plugin/src/master/ no 7.9 (only 5.6) support but provides:
  - Identify dependencies between JAR files
  - Spot if a class/package is located in multiple JAR files
  - Spot if the same JAR file is located in multiple locations
best regards
Hi! I'm the OWASP Benchmark Project lead and we used to have support for scanning OWASP Benchmark (https://github.com/OWASP/Benchmark) with SonarQube years ago, but that feature hasn't been maintained.
Can you add support for scanning OWASP Benchmark to your project, or mine, leveraging this project? I.e., a simple script or instructions? Once we have the ability to do such a scan easily and repeatably, I can then update the scorecard generation capabilities in Benchmark for SonarQube. This would be great as we haven't been able to generate a scorecard for SonarQube against Benchmark in a long while.
Would it be possible to include a license in the repo itself, or at least mention the license in the readme?
The OWASP website mentions that this is licensed under the Apache 2.0 license
https://www.owasp.org/index.php/OWASP_SonarQube_Project#tab=Main
Thanks!
This could be a great project but I need more info:
- What does this project add to the official Docker image https://hub.docker.com/_/sonarqube/ ?
- What version of SonarQube is used?
Building out the Docker image, it looks like quite a few of the plugin jars you are referencing are no longer available.
I've corrected/updated them for what's available 11/7/2018 so the Docker image now builds.