- Bitbucket Cloud
- AWS CodePipeline for CI
We’ve connected a React/Node project to SonarCloud.
I’d like to import the results from npm audit as issues in SonarCloud.
I am using the following command to generate both a JSON and HTML report of dependency issues returned from the `npm audit` command.

```
npm audit --json > ./coverage/npm-audit.json && ./node_modules/.bin/npm-audit-html --input ./coverage/npm-audit.json --output ./coverage/npm-audit.html
```
In the docs, I found a reference to the following sonar project properties…
These may just be for Java projects though. How do we confirm that dependency analysis issues are making their way into our SonarCloud instance? If they aren’t, what’s the best way to do so?
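
One way to get these findings into SonarCloud, shown as an added example that is not part of the original post or SonarSource's own code: convert the `npm audit` JSON into the generic external-issue report that the scanner reads through `sonar.externalIssuesReportPaths`. The `npm-audit` engine id, the severity mapping, the use of `package.json` as the issue location, and the sample data are assumptions made for this example.

```javascript
// Added example: npm audit JSON -> Sonar generic external-issue report.
// The severity mapping and the engineId "npm-audit" are choices made here.
const SEVERITY = { info: 'INFO', low: 'MINOR', moderate: 'MAJOR', high: 'CRITICAL', critical: 'BLOCKER' };

function issue(ruleId, severity, message, manifestPath) {
  return {
    engineId: 'npm-audit',
    ruleId: String(ruleId),
    severity: SEVERITY[severity] || 'MAJOR',
    type: 'VULNERABILITY',
    // Issues must point at a file the scanner indexes; with no textRange
    // the issue is attached to the file as a whole.
    primaryLocation: { message, filePath: manifestPath },
  };
}

function npmAuditToSonar(audit, manifestPath = 'package.json') {
  const issues = [];
  // npm 6 layout: { advisories: { "<id>": { module_name, title, severity, ... } } }
  for (const adv of Object.values(audit.advisories || {})) {
    issues.push(issue(adv.id, adv.severity,
      `${adv.module_name} ${adv.vulnerable_versions}: ${adv.title} (${adv.url})`, manifestPath));
  }
  // npm 7+ layout: { vulnerabilities: { "<pkg>": { severity, range, via: [...] } } }
  for (const [name, vuln] of Object.entries(audit.vulnerabilities || {})) {
    // "via" holds advisory objects, or plain package names for transitive findings.
    const advisories = (vuln.via || []).filter((v) => typeof v === 'object');
    if (advisories.length === 0) {
      const chain = (vuln.via || []).join(', ');
      issues.push(issue(`dep-${name}`, vuln.severity,
        `${name} ${vuln.range}: vulnerable through ${chain}`, manifestPath));
    }
    for (const adv of advisories) {
      issues.push(issue(adv.source, adv.severity || vuln.severity,
        `${name} ${adv.range}: ${adv.title} (${adv.url})`, manifestPath));
    }
  }
  return { issues };
}

// Constructed sample in the npm 7+ layout (not real advisory data).
const sampleAudit = {
  vulnerabilities: {
    'example-lib': { severity: 'high', range: '<1.2.3', via: [
      { source: 1000001, title: 'Prototype pollution', severity: 'high', range: '<1.2.3',
        url: 'https://example.invalid/advisory/1000001' } ] },
    'example-app-dep': { severity: 'high', range: '*', via: ['example-lib'] },
  },
};
console.log(JSON.stringify(npmAuditToSonar(sampleAudit), null, 2));
```

Write the returned object to a JSON file in the CI step and point `sonar.externalIssuesReportPaths` at it; the imported findings then appear as external issues on `package.json`. Note that `npm audit` exits non-zero when it finds vulnerabilities, so anything chained after it with `&&` is skipped in exactly the runs that have findings to report.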