Create Readme.md #191

Status: Open. Wants to merge 4 commits into base branch main.

Conversation

snehal-vahule (Contributor) opened the pull request:

Added file for dependency scanning using OWASP with SonarQube.
@snehal-vahule snehal-vahule requested a review from a team October 15, 2021 08:30

This SonarQube plugin does not perform analysis, rather, it reads existing Dependency-Check reports. Use one of the other available methods to scan project dependencies and generate the necessary JSON report which can then be consumed by this plugin. Refer to the [Dependency-Check project](https://github.com/jeremylong/DependencyCheck) for relevant [documentation](https://jeremylong.github.io/DependencyCheck/).

Is it veru quick and easy to configure depenedency scanning in your azure devops pipeline.
Review comment (Contributor):

Typo :)

SonarQube empowers all developers to write cleaner and safer code. SonarQube provides clear remediation guidance for developers to understand and fix issues and for teams overall to deliver better, safer software.

<!--Security Vulnerabilities require immediate action. SonarQube provides detailed issue descriptions and code highlights that explain why your code is at risk.-->

Review comment (Contributor):

Maybe get straight to the point here, as generic descriptions of Sonarqube are also elsewhere in the framework?

Is it veru quick and easy to configure depenedency scanning in your azure devops pipeline.

- Install Dependency-Check plugin on SonarQube.
- In your azure build pipeline add SonarQube prepare task
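Review bot: these two steps stop before any Dependency-Check report exists, so as written they will not produce dependency findings. The first quoted paragraph states that this SonarQube plugin does not perform analysis and only reads an existing Dependency-Check JSON report, so the Azure section needs a step that runs Dependency-Check in the pipeline before the SonarQube analysis runs, and a step that tells the plugin where the generated report is, in addition to installing the plugin and adding the prepare task.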
Review comment (Contributor):

Would be worth creating a section for Azure - we'll probably need similar for Jenkins/Github actions/Gitlab CI?

@snehal-vahule snehal-vahule requested a review from a team as a code owner November 17, 2021 11:29
@sonarcloud sonarcloud bot commented Jul 8, 2022

Kudos, SonarCloud Quality Gate passed!

- Bug: A, 0 Bugs
- Vulnerability: A, 0 Vulnerabilities
- Security Hotspot: A, 0 Security Hotspots
- Code Smell: A, 0 Code Smells
- No Coverage information
- No Duplication information
