SonarQube vulnerabilities with Jenkins

Hi everyone,
I want to scan for vulnerabilities with SonarQube.

We use Jenkins, and I don't know if I am missing any step in Jenkins to achieve this goal.
I am also uploading my sonar.properties:

    sonar.projectKey=xxx
    sonar.projectName=xxx
    sonar.sourceEncoding=UTF-8
    sonar.javascript.file.suffixes=.js,.jsx
    sonar.sources=js
    # exclude some files and folders (typically dependencies)
    sonar.exclusions=bower_components/**/*, node_modules/**/*, gulp_tasks/**/*, nginx/**/*, conf/**/*, dist/**/*, node_modules/**
    sonar.eslint.reportPaths=report.json
    sonar.java.binaries=**/classes/**
    sonar.testExecutionReportPaths=test-report.xml
    sonar.javascript.lcov.reportPaths=./coverage/lcov.info

Thanks for your help!

Hi,

Welcome to the community!

Off-hand it doesn’t look like you’re doing anything wrong. Based on the other values I see in your project homepage, it looks like you’re dealing with a fairly small, fairly clean code base. Are you sure that there are currently vulnerabilities that analysis should be picking up?

As a side note, if your project is pure JavaScript, there’s no need to define sonar.java.binaries in your analysis properties.

Ann

Hi,
Thanks for your answer.
I think we should have some vulnerabilities: our project has more than 42K lines, so it is not a small project, and for this reason I think we should have some vulnerabilities. Also, our project is a React Native project, so most of the code is JS, but we have implemented some native Java code for the Android features.
Thank you!

Hi,

Well… the next things to do would be

  • make sure you’re on a recent version of SonarQube - your OP doesn’t say, but the project homepage you show is several versions old at this point
  • make sure you have security rules enabled in your Quality Profile

Ann

Hello, I attached two files: one with the version (we are using 7.3) and the other with the rules.

Hi,

Version 7.3 is well past EOL. You should upgrade immediately. Your upgrade path is:

7.3 → 7.9.6 → 8.8 (last step optional)

Once you do, you’ll find you have access to many more Vulnerability rules.

Ann
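A small pre-flight script covering the two checks Ann recommends (server version, and whether any security rules are actually active in the project's Quality Profiles), added here as an example; it is not from the thread and not SonarSource's own tooling. It uses the public Web API endpoints `api/server/version`, `api/qualityprofiles/search` and `api/rules/search`. The environment variable names `SONAR_HOST_URL`, `SONAR_TOKEN` and `SONAR_PROJECT_KEY`, the `SAMPLE_PAGES` data and the rule keys in it are assumptions made up for the example:

```python
"""Report the SonarQube server version and count active rules per type
(VULNERABILITY, SECURITY_HOTSPOT, BUG, CODE_SMELL) in each Quality Profile
attached to a project.  Added example, not part of the original thread.

Assumed environment (not from the thread):
  SONAR_HOST_URL     e.g. http://localhost:9000
  SONAR_TOKEN        user token, sent as Basic-auth user name, empty password
  SONAR_PROJECT_KEY  the sonar.projectKey of the analysed project
"""
import base64
import json
import os
import urllib.parse
import urllib.request
from collections import Counter

SECURITY_TYPES = ("VULNERABILITY", "SECURITY_HOTSPOT")

# Constructed sample of one api/rules/search page, used by demo() so the
# summary logic can be exercised offline.  Rule keys are made up.
SAMPLE_PAGES = [{"total": 3, "p": 1, "ps": 500, "rules": [
    {"key": "javascript:S0001", "type": "VULNERABILITY"},
    {"key": "javascript:S0002", "type": "CODE_SMELL"},
    {"key": "javascript:S0003", "type": "SECURITY_HOTSPOT"},
]}]


def _request(base_url, path, params, token):
    """GET a Web API path and return the response body as text."""
    url = base_url.rstrip("/") + "/" + path
    if params:
        url += "?" + urllib.parse.urlencode(params)
    req = urllib.request.Request(url)
    if token:
        cred = base64.b64encode(f"{token}:".encode()).decode()
        req.add_header("Authorization", "Basic " + cred)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode("utf-8")


def parse_version(text):
    """'7.9.6' -> (7, 9, 6); non-numeric trailing parts end the tuple."""
    parts = []
    for piece in text.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


def count_active_rules_by_type(rules_pages):
    """Count active rules per rule type across api/rules/search pages."""
    counts = Counter()
    for page in rules_pages:
        for rule in page.get("rules", []):
            counts[rule.get("type", "UNKNOWN")] += 1
    return dict(counts)


def security_rule_summary(rules_pages):
    counts = count_active_rules_by_type(rules_pages)
    security = sum(counts.get(t, 0) for t in SECURITY_TYPES)
    return {"total": sum(counts.values()), "security": security, "by_type": counts}


def fetch_all_rule_pages(base_url, qprofile_key, token):
    """Page through api/rules/search for the rules active in one profile."""
    pages, page_no = [], 1
    while True:
        raw = _request(base_url, "api/rules/search",
                       {"qprofile": qprofile_key, "activation": "true",
                        "ps": 500, "p": page_no}, token)
        page = json.loads(raw)
        pages.append(page)
        if page_no * page.get("ps", 500) >= page.get("total", 0):
            return pages
        page_no += 1


def demo():
    """Offline run over the constructed sample page."""
    return security_rule_summary(SAMPLE_PAGES)


def main():
    base = os.environ.get("SONAR_HOST_URL", "http://localhost:9000")
    token = os.environ.get("SONAR_TOKEN")
    project = os.environ["SONAR_PROJECT_KEY"]
    version = parse_version(_request(base, "api/server/version", None, token))
    print("server version:", ".".join(map(str, version)))
    if version < (7, 9):
        print("  older than 7.9 LTS: upgrade before expecting current security rules")
    profiles = json.loads(_request(base, "api/qualityprofiles/search",
                                   {"project": project}, token))["profiles"]
    for prof in profiles:
        s = security_rule_summary(fetch_all_rule_pages(base, prof["key"], token))
        print(f"{prof['language']:<6} {prof['name']:<20} active: {s['total']:4d}"
              f"  security: {s['security']:3d}")
        if s["security"] == 0:
            print("        no VULNERABILITY/SECURITY_HOTSPOT rules active")


if __name__ == "__main__":
    main()
```

A profile whose summary reports zero security rules is the case Ann describes: analysis runs cleanly because nothing in the profile can raise a Vulnerability, regardless of project size. The version check uses the 7.9 LTS step from the upgrade path above as the threshold.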