[NEW RELEASE] 42Crunch REST API Static Security Testing 1.0.0

Hi Ann,

well, that’s unfortunate to hear. I’m sure you’re acting in the best interest of SonarQube users, but I’m not sure how this decision benefits them, as no upload can happen without the user signing up and consenting to the uploads first.

As for a version that imports a report from our servers – somehow the OpenAPI files will have to be uploaded for analysis, and asking the user to do it manually each time is hardly going to work.

However, we have a mode in our CI/CD plugins where we don’t search for all OpenAPI files in the project, but rather ask the user to manually upload files to the platform, record their IDs and configure the plugin with a list of project filenames and IDs example. Each time the plugins run in this mode, no new files are uploaded but the specified files are updated.

Would implementing this functionality in the plugin be something that you’d consider?

Regards,
Anton

Hi Anton,

It sounds like you’re still proposing to upload files during analysis, so no.

 
:woman_shrugging:
Ann

Hi Ann,

so it looks like our plugin can’t work around this limitation then. Does it mean, by the way, that no cloud-based plugin will be accepted to the SonarQube marketplace?

Regards,
Anton

Hi Anton,

If by cloud-based you mean plugins that upload the user’s files to 3rd-party servers… no.

 
Ann

Thanks for the clarification, Ann! And thanks for spending your time looking at the plugin, even if it didn’t get approved…

Regards,
Anton