SonarQube opensource vulnerability detection using Dependency Check Sonar Plugin

Hi All,

I am currently using the SonarQube 8.2 & need to integrate the Dependency Checker Sonar Plugin into the Quality gate?

Please if you can help on the same.

regards,
Sushil

Hi,

from what i read here https://github.com/dependency-check/dependency-check-sonar-plugin ,
you need to set the severity =

To configure the severity of the created issues you can optionally specify the minimum score for each severity with the following parameter. Specify a score of -1 to completely disable a severity.

sonar.dependencyCheck.severity.blocker=9.0 sonar.dependencyCheck.severity.critical=7.0 sonar.dependencyCheck.severity.major=4.0 sonar.dependencyCheck.severity.minor=0.0

Then your quality gate needs some conditions, i.e no new blocker / critical …

Gilbert

1 Like