I’m using the sonarqube-maven-plugin in combination with OWASP tools in my Jenkins CI.
After build and unit / integration tests have completed, I run OWASP dependency-check (Maven plugin).
Then the SonarQube scan is executed, and the SonarQube quality gate validates the analysis result.
Later, the application gets deployed, and some more tests are run.
One of them is the OWASP ZAP API scanner (Docker).
This scanner also creates a result file, which can be uploaded to SonarQube.
Is it possible to upload additional scan results to an existing scan (task id)?