Issues With Dependency-Check HTML Reports in SonarQube

Must-share information (formatted with Markdown):

which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)

  • SQ Version - Developer Edition, Version 8.5.1 (build 38104)
  • SonarScanner Version -
  • Gradle Version - 6.5
  • Dependency Check Plugin - 2.0.5
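  • Gradle-Dependency Check Plugin - 5.3.2 (also tried 6.1.2) which is set up below (using Kotlin DSL)

import org.owasp.dependencycheck.reporting.ReportGenerator
dependencyCheck {
    format = ReportGenerator.Format.ALL // generate every report format, HTML included
}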

what are you trying to achieve

I am trying to have the Dependency-Check HTML reports viewable in SonarQube. The SonarScanner build output says they are updated, but when I try to find them in the associated SonarQube project, I see "No HTML-Report found. Please check property sonar.dependencyCheck.htmlReportPath" (see Figure 1). An example output of the SonarScanner build report is as follows:

sonar-scanner -Dsonar.projectKey=<redacted> -Dsonar.sources=. -Dsonar.exclusions=<redacted> -Dsonar.coverage.jacoco.xmlReportPaths=build/reports/jacoco/codeCoverage.xml**/build/classes/java -Dsonar.dependencyCheck.xmlReportPath=build/reports/dependency-check-report.xml -Dsonar.dependencyCheck.htmlReportPath=build/reports/dependency-check-report.html -Dsonar.dependencyCheck.jsonReportPath=build/reports/dependency-check-report.json -Dsonar.dependencyCheck.summarize=true

05:31:56  INFO: ------------- Run sensors on project
05:31:56  INFO: Sensor Dependency-Check [dependencycheck]
05:31:56  INFO: Process Dependency-Check report
05:31:56  INFO: Using JSON-Reportparser
05:31:56  INFO: Linking 111 dependencies
05:31:56  INFO: Upload Dependency-Check HTML-Report
05:31:56  INFO: Process Dependency-Check report (done) | time=734ms
05:31:56  INFO: Sensor Dependency-Check [dependencycheck] (done) | time=735ms
05:31:56  INFO: Sensor Zero Coverage Sensor
05:31:56  INFO: Sensor Zero Coverage Sensor (done) | time=2ms
05:31:56  INFO: CPD Executor 1 file had no CPD blocks
05:31:56  INFO: CPD Executor Calculating CPD for 40 files
05:31:56  INFO: CPD Executor CPD calculation finished (done) | time=84ms
05:31:56  INFO: Load New Code definition
05:31:56  INFO: Load New Code definition (done) | time=12ms
05:31:56  INFO: Analysis report generated in 140ms, dir size=1 MB
05:31:57  INFO: Analysis report compressed in 193ms, zip size=309 KB
05:31:57  INFO: Analysis report uploaded in 64ms

what have you tried so far to achieve this

I am running the sonarscanner with the following flags:


Is there anything else I need to set from a SonarQube standpoint? I am confused because I see INFO: Upload Dependency-Check HTML-Report, but no errors around it. I also ran the sonar scanner in debug mode, and there were no errors.

I can also confirm that the gradle settings are correct and that the path is correct (I can view them on a local browser).

Our environment is Jenkins with docker-agents which then publish to SQ.


Figure 1


That plugin isn’t supported by SonarQube. Its maintainers may be around, watching for problems/questions, but more likely you need to start a conversation / open an issue directly in the plugin community.
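
A pre-flight check for the report paths in the question's sonar-scanner command, as an added example that is not part of the original posts or the plugin's own code: run from the scanner's working directory, it confirms that each `sonar.dependencyCheck.*ReportPath` file exists, is non-empty and looks like the declared format. The function names and the 1 KiB content heuristic are assumptions; the check rules out path problems on the build agent and does not explain what the server does with the uploaded report.

```shell
#!/bin/sh
# Added example: verify the Dependency-Check reports before sonar-scanner runs.
# Relative paths are checked against the current directory, so run this from
# the directory where sonar-scanner itself is started (e.g. the Jenkins workspace).

# check_report KIND PATH
# returns 0 = ok, 1 = missing, 2 = empty, 3 = content does not look like KIND
check_report() {
    kind=$1 path=$2
    [ -f "$path" ] || { echo "MISSING $kind report: $path" >&2; return 1; }
    [ -s "$path" ] || { echo "EMPTY $kind report: $path" >&2; return 2; }
    # Heuristic (assumption): the format is recognisable in the first 1 KiB.
    start=$(head -c 1024 "$path" | tr -d '\000' | tr 'A-Z' 'a-z')
    case "$kind:$start" in
        xml:*'<?xml'* | json:*'{'* | html:*'<!doctype html'* | html:*'<html'*)
            return 0 ;;
    esac
    echo "UNEXPECTED CONTENT in $kind report: $path" >&2
    return 3
}

# check_scanner_args ARGS...
# Takes the same arguments as the sonar-scanner call, picks out every
# -Dsonar.dependencyCheck.<kind>ReportPath=<path> and checks that file.
# Returns the number of reports that failed.
check_scanner_args() {
    failed=0
    for arg in "$@"; do
        case $arg in
            -Dsonar.dependencyCheck.*ReportPath=*)
                kind=${arg#-Dsonar.dependencyCheck.}
                kind=${kind%%ReportPath=*}      # xml, html or json
                path=${arg#*=}
                check_report "$kind" "$path" || failed=$((failed + 1))
                ;;
        esac
    done
    return "$failed"
}

# Stand-alone use: pass the scanner arguments to this script first.
if [ "$#" -gt 0 ]; then
    check_scanner_args "$@"
fi
```

A non-zero exit status is the number of report files that failed, which lets a Jenkins stage stop before the analysis is submitted.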