Sonarcloud dependency-check is not working for gradle project

Hello,

We have our Gradle project analyzed in SonarQube, and for SonarQube we were able to scan with dependency-check and push the report to SonarQube. It is working well with SonarQube.

As we have decided to analyze all our projects on SonarCloud, we wanted to set up the same dependency-check report to be analyzed by SonarCloud as well. We pointed the Sonar host to the SonarCloud URL and updated the sonar_token as well. But we are seeing an error scanning those dependency-check reports. I have attached the screenshot of the error we are facing.

Here is the Gradle command we use to push the report to SonarCloud:
./gradlew dependencyCheckAnalyze sonar --stacktrace -Dorg.gradle.jvmargs="-XX:+UseG1GC" -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$SONAR_TOKEN -Davail.nexus.user=$Nexus_REPO_USER -Davail.nexus.password=$Nexus_REPO_PASS

Here are the Sonar properties that we set in Gradle:

sonar {
    properties {
        property 'sonar.projectKey', '<project-key>'
        property 'sonar.host.url', 'https://sonarcloud.io'
        property 'sonar.organization', '<orgname>'
        property 'sonar.dependencyCheck.jsonReportPath', "<dependency-check-report-path>"
        property 'sonar.dependencyCheck.htmlReportPath', "dependency-check-report-path"
    }
}

error:

I would be appreciative if I could understand the following doubts properly:

  1. Where will we be able to see the report for dependency-check if it is analyzed properly by SonarCloud?
  2. Do we need any extra setup to be able to analyze dependency-check reports?

Thank You
Anjali Tandel

Hey there.

dependency-check/dependency-check-sonar-plugin on GitHub ("Integrates Dependency-Check reports into SonarQube") is a community-supported plugin that you would have installed on your SonarQube server. SonarCloud does not support community-supported plugins, and therefore you won’t be able to import these reports unless the data can be converted to Generic Issue Data.

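The conversion to Generic Issue Data mentioned in the reply above, as an added example (not code from the thread, the plugin, or SonarSource). It reads the `dependencies` / `vulnerabilities` structure of a Dependency-Check JSON report and emits the flat `issues` form of the generic issue format; the severity mapping, the choice of `build.gradle` as the file every issue is attached to, and the sample data are assumptions.

```python
import json

# Dependency-Check severity -> Sonar generic-issue severity (mapping is an assumption)
SEVERITY_MAP = {"CRITICAL": "BLOCKER", "HIGH": "CRITICAL", "MEDIUM": "MAJOR",
                "MODERATE": "MAJOR", "LOW": "MINOR"}

def to_generic_issues(dc_report, anchor_file="build.gradle"):
    """Convert a parsed Dependency-Check JSON report to Generic Issue Data.

    Dependency JARs are not indexed source files, so every issue is attached
    to anchor_file (assumed here: the build script that declares them).
    """
    issues, seen = [], set()
    for dep in dc_report.get("dependencies", []):
        for vuln in dep.get("vulnerabilities", []):  # key is absent for clean deps
            key = (dep.get("fileName"), vuln.get("name"))
            if key in seen:  # the same JAR can be reported more than once
                continue
            seen.add(key)
            sev = str(vuln.get("severity", "")).upper()
            desc = " ".join(str(vuln.get("description", "")).split())
            message = f"{dep.get('fileName')}: {vuln.get('name')} ({sev or 'UNSCORED'}) {desc[:200]}"
            issues.append({
                "engineId": "dependency-check",
                "ruleId": vuln.get("name", "UNKNOWN"),
                "severity": SEVERITY_MAP.get(sev, "INFO"),
                "type": "VULNERABILITY",
                "primaryLocation": {"message": message.strip(),
                                    "filePath": anchor_file},
            })
    return {"issues": issues}

# Constructed sample report (not real scan output; identifiers are placeholders)
SAMPLE = {"dependencies": [
    {"fileName": "example-lib-1.0.jar", "vulnerabilities": [
        {"name": "EXAMPLE-CVE-1", "severity": "HIGH",
         "description": "Constructed\n entry."},
        {"name": "EXAMPLE-CVE-2", "severity": "moderate"}]},
    {"fileName": "clean-lib-2.0.jar"},
    {"fileName": "example-lib-1.0.jar", "vulnerabilities": [
        {"name": "EXAMPLE-CVE-1", "severity": "HIGH"}]},
]}

if __name__ == "__main__":
    print(json.dumps(to_generic_issues(SAMPLE), indent=2))
```

The resulting JSON file is passed to the scanner through the `sonar.externalIssuesReportPaths` property, and the findings then appear as external issues on the file named in `filePath`.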

Thank you @Colin for the response. Appreciate the answer.
