Hello ,
we have our gradle project analyzed in sonarqube and for sonarqube we were able to scan dependency-check and pushed the report to sonarqube . It is working well with sonarqube.
As we have decided to analyze all our projects on sonarcloud, we wanted to setup same dependency-check report to be analyzed by sonarcloud as well. We pointed sonar host to sonarcloud URL and updated the sonar_token as well . But we are seeing error scanning those dependency-check reports . I have attached the screenshot of the error we are facing.
here is the gradle command we use to push the report to sonarcloud
./gradlew dependencyCheckAnalyze sonar --stacktrace -Dorg.gradle.jvmargs="-XX:+UseG1GC" -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$SONAR_TOKEN -Davail.nexus.user=$Nexus_REPO_USER -Davail.nexus.password=$Nexus_REPO_PASS
here is the sonar properties that we set in gradle
sonar{
properties{
property 'sonar.projectKey', '<project-key>'
property 'sonar.host.url', 'https://sonarcloud.io'
property 'sonar.organization', '<orgname>'
property 'sonar.dependencyCheck.jsonReportPath', "<dependeny-check-report-path>"
property 'sonar.dependencyCheck.htmlReportPath', "dependeny-check-report-path"
}
}
error:
I would be appreciative if i understand following doubts properly:
- where will be able to see the report for dependency-check if those are analyzed properly by sonarcloud?
- do we need any extra setup to be able to analyze dependency-check reports?
Thank You
Anjali Tandel