st-share information (formatted with Markdown):
- which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension): V9.9.5
- how is SonarQube deployed: zip, Docker, Helm:Docker
User is trying to perform analysis in Sonar and getting below message:
[2024-07-03T20:07:35.588Z] Caused by: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field “confidentialityImpact” (class org.sonar.dependencycheck.parser.element.CvssV2), not marked as ignorable (2 known properties: “score”, “severity”])
[2024-07-03T20:07:35.588Z] at [Source: (sun.nio.ch.ChannelInputStream); line: 1, column: 41767] (through reference chain: org.sonar.dependencycheck.parser.element.Analysis[“dependencies”]->java.util.ArrayList[31]->org.sonar.dependencycheck.parser.element.Dependency[“vulnerabilities”]->java.util.ArrayList[0]->org.sonar.dependencycheck.parser.element.Vulnerability[“cvssv2”]->org.sonar.dependencycheck.parser.element.CvssV2[“confidentialityImpact”])
[2024-07-03T20:07:35.588Z] at com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException.from(UnrecognizedPropertyException.java:61)
[2024-07-03T20:07:35.588Z] at com.fasterxml.jackson.databind.DeserializationContext.handleUnknownProperty(DeserializationContext.java:1132)
Tried adding below parameters in sonar.properties:
sonar.dependencyCheck.jsonReportPath=${WORKSPACE}/dependency-check-report.json
sonar.dependencyCheck.htmlReportPath=${WORKSPACE}/dependency-check-report.html
sonar.dependencyCheck.severity.high=7.0
sonar.dependencyCheck.severity.medium=4.0
sonar.dependencyCheck.severity.low=0.0
sonar.dependencyCheck.summarize=true
sonar.dependencyCheck.skip=true
sonar.dependencyCheck.securityHotspot=true
sonar.dependencyCheck.useFilePath=true
Added below parameter to ignore all properties:
> ObjectMapper objectMapper = getObjectMapper();objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
Any assistance is appreciated!