SonarQube open-source vulnerability detection using Dependency Check Sonar Plugin

Hi All,

I am currently using SonarQube 8.2 and need to integrate the Dependency Checker Sonar Plugin into the quality gate.

Please help with this if you can.



From what I read here, you need to set the severity:

To configure the severity of the created issues you can optionally specify the minimum score for each severity with the following parameter. Specify a score of -1 to completely disable a severity.

sonar.dependencyCheck.severity.blocker=9.0
sonar.dependencyCheck.severity.critical=7.0
sonar.dependencyCheck.severity.major=4.0
sonar.dependencyCheck.severity.minor=0.0

Then your quality gate needs some conditions, i.e. no new blocker / critical …


1 Like
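The sketch below is an added example, not code from the plugin or from either poster: it models how the thresholds quoted in the reply bucket CVSS scores into severities, and how a gate condition of "no new blocker / critical" reacts when a severity is disabled with -1. The function names, the sample findings, and the fallback to `info` for scores under every enabled threshold are assumptions.

```python
# Added illustration: not the Dependency-Check plugin's own code.
from typing import Dict, List, Tuple

# Thresholds quoted in the reply above (minimum CVSS score per severity).
DEFAULT_THRESHOLDS = {
    "blocker": 9.0,
    "critical": 7.0,
    "major": 4.0,
    "minor": 0.0,
}
ORDER = ["blocker", "critical", "major", "minor"]  # highest severity first


def severity_for(score: float, thresholds: Dict[str, float]) -> str:
    """Return the highest enabled severity whose minimum score is met."""
    for name in ORDER:
        minimum = thresholds.get(name, -1)
        if minimum < 0:  # a score of -1 disables this severity entirely
            continue
        if score >= minimum:
            return name
    # Assumption: a score below every enabled threshold becomes "info".
    return "info"


def gate_passes(findings: List[Tuple[str, float]],
                thresholds: Dict[str, float],
                failing=("blocker", "critical")):
    """Model a gate condition of 'no new blocker / critical issues'."""
    rated = [(dep, score, severity_for(score, thresholds))
             for dep, score in findings]
    offenders = [r for r in rated if r[2] in failing]
    return (not offenders, offenders)


# Constructed sample findings: (dependency, highest CVSS score reported).
SAMPLE = [("lib-a-1.0.jar", 9.8), ("lib-b-2.3.jar", 7.5), ("lib-c-0.9.jar", 5.3)]

if __name__ == "__main__":
    print(gate_passes(SAMPLE, DEFAULT_THRESHOLDS))
    # Disabling severities pushes findings down a bucket, out of the gate's view.
    relaxed = dict(DEFAULT_THRESHOLDS, blocker=-1, critical=-1)
    print(gate_passes(SAMPLE, relaxed))
```

With both top severities disabled, the 9.8 finding is rated `major` and the gate passes, so the thresholds and the gate conditions need to be reviewed together.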