SonarQube version 10.7 is used for our custom rule creation and analysis.
What are you trying to achieve:
1) I have been using a Java Maven project. I am trying to create a rule in SonarQube called “remove a particular dependency from pom.xml”.
What have you tried so far to achieve this:
1) I used the template “Track Disallowed dependencies” (id: S3417) from the SonarQube UI to create a custom rule “remove log4j dependency from pom.xml” with expression *:.*log4j.*
and added the rule to a quality profile.
- When a project with a ‘log4j’ dependency in pom.xml is scanned with SonarQube, it is not detecting the above rule issue “remove log4j dependency from pom.xml”.
Alternatively,
I have also tried to create a custom rule by making use of the dependency “sonar-xml-plugin-api”, but could not get the sonar-xml-plugin-api related jar from the repository (jfrog/repo).
Please advise or suggest any solution.
Thank you.